Interesting mail sender


Interesting mail sender

by SZALAY Attila-2

In recent days our firewall has blocked some messages which have a very
interesting mail from address.

The log message looks like this:

Invalid SMTP command; request='MAIL', param='From:<aadorris@zfJah]+o*7 Z->'

Might this be an exploit or just a wrong setup in a spammer program?



-------------------------------------------------------------------------
This list sponsored by: SPI Dynamics

ALERT: .How a Hacker Launches a SQL Injection Attack!.- White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems! Firewalls and IDS
will not stop such attacks because SQL Injections are NOT seen as intruders.
Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8E
--------------------------------------------------------------------------


Re: Interesting mail sender

by Tuc at T-B-O-H.NET

>
> In the recent days our firewall block some message which have a very
> interesting mail from address.
>
> The log message is looks like this:
>
> Invalid SMTP command; request='MAIL', param='From:<aadorris@zfJah]+o*7 Z->'
>
> May this be an exploit or just a wrongly setup in a spammer program?
>
I've been getting a lot with "To: <|tuc@...>"
(Note the pipe...)

Tuc


Re: Interesting mail sender

by merigoth

I think it's a "wrong" setup. Possibly the domain was written in a
pictographic language like Chinese, Korean, or Japanese.

On 9/27/07, Szalay Attila <sasa@...> wrote:

> In the recent days our firewall block some message which have a very
> interesting mail from address.
>
> The log message is looks like this:
>
> Invalid SMTP command; request='MAIL', param='From:<aadorris@zfJa  h]+o*7
> Z ->'
>
> May this be an exploit or just a wrongly setup in a spammer program?


Re: Interesting mail sender

by daniel-231

Looks like spam bot spill; foreign language caused the characters,
probably. What does the header info contain? Do you have any more
samples?

On Thu, 2007-09-27 at 19:42 -0400, Tuc at T-B-O-H.NET wrote:

> >
> > In the recent days our firewall block some message which have a very
> > interesting mail from address.
> >
> > The log message is looks like this:
> >
> > Invalid SMTP command; request='MAIL', param='From:<aadorris@zfJah]+o*7 Z->'
> >
> > May this be an exploit or just a wrongly setup in a spammer program?
> >
> I've been getting alot with "To: <|tuc@...>"
> (Note the pipe...)
>
> Tuc



Re: Interesting mail sender

by Valdis.Kletnieks

On Thu, 27 Sep 2007 20:32:05 +0200, Szalay Attila said:

> Invalid SMTP command; request='MAIL', param='From:<aadorris@zfJah]+o*7 Z->'
>
> May this be an exploit or just a wrongly setup in a spammer program?

First thought through my head when I saw this:

Two strings walk into a bar, and the bartender says "We don't serve strings
here. You aren't a string, are you?"

The first string says "No, I'm a frayed knot.a$$%3333343__RG__RG__RU__FG"
The second string says "You'll have to excuse my friend, he's not null-terminated".

I've always been amazed at the sort of botches I've seen in the lower-quality
ratware.  Isn't there any pride in craftsmanship? :)
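
An added example, not part of any poster's message: a small triage script that parses firewall log lines in the format quoted in this thread and reports why the MAIL/RCPT path is malformed under the RFC 5321 mailbox grammar. The function names, the RCPT log line and the leading-pipe policy check are assumptions made for illustration; only the first sample line comes from the thread.

```python
import re

# Log line format as quoted in the thread.
LOG_RE = re.compile(r"Invalid SMTP command; request='(\w+)', param='(.*)'$")
PATH_RE = re.compile(r"(?:From|To):\s*<(.*)>\Z", re.IGNORECASE)
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"            # RFC 5321 atext
DOT_STRING = re.compile(rf"{ATEXT}+(?:\.{ATEXT}+)*\Z")
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\Z")


def check_param(request, param):
    """Return reasons why a MAIL/RCPT path parameter is malformed or suspicious."""
    m = PATH_RE.match(param)
    if not m:
        return ["no <path> in parameter"]
    path = m.group(1)
    if path == "" and request.upper() == "MAIL":
        return []                                     # null reverse-path: valid bounce sender
    local, at, domain = path.rpartition("@")
    if not at:
        return ["no @ in path"]
    reasons = []
    if not DOT_STRING.match(local):                   # quoted-string local parts not handled
        reasons.append("local part is not an RFC 5321 dot-string")
    elif local.startswith("|"):
        # Assumption: local policy. '|' is legal atext, so a syntax check alone passes it.
        reasons.append("policy: local part starts with '|'")
    # Address literals such as [192.0.2.1] are not handled; they are reported as bad labels.
    bad = [lab for lab in domain.split(".") if not LABEL.match(lab)]
    if bad:
        reasons.append("invalid domain label(s): " + ", ".join(repr(b) for b in bad))
    return reasons


def triage(line):
    """Parse one firewall log line; return (request, reasons) or None if it does not match."""
    m = LOG_RE.search(line)
    return (m.group(1), check_param(m.group(1), m.group(2))) if m else None


# First line is the one quoted in the thread; the other two are constructed samples.
SAMPLES = [
    "Invalid SMTP command; request='MAIL', param='From:<aadorris@zfJah]+o*7 Z->'",
    "Invalid SMTP command; request='RCPT', param='To:<|user@example.com>'",
    "Invalid SMTP command; request='MAIL', param='From:<>'",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

The sender from the thread fails on the domain alone, since `]`, `+`, `*` and the space cannot appear in a hostname label. The pipe-prefixed recipient is syntactically legal and is caught only by the separate policy check.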