Spam is reactivating an address (resetting counter)


Post by ndvkroby » Mon Sep 08, 2008 5:10 am

I gave up on an address and set its counter from 20 to 0. Since then, the bad guys have somehow reactivated the counter on this account (twice). There appears to be some way for them to trick spamgourmet into resetting the counter.

I have NO trusted or exclusive senders for this account/address.

I know the counter used to be 20, because of the subject headers from old spams. I've only included a couple of headers (the Received header from spamgourmet and the Subject header with the message counter).
Received: from qwerty.ru (host-77-41-108-148.qwerty.ru [77.41.108.148] (may be forged))
by gourmet.spamgourmet.com (8.13.8/8.13.7) with SMTP id xxxx
for <xx.yyy@antichef.net>; Thu, 28 Aug 2008 xx:xx:xx GMT
...
Subject: Murray won last night (xx: message 15 of 20)

I zeroed the counter after this message. The next day, the bad guys managed to reactivate the account, and the counter was back at 20:
Received: from outbound-mail-13.bluehost.com (outbound-mail-13.bluehost.com [69.89.18.113])
by gourmet.spamgourmet.com (8.13.8/8.13.7) with SMTP id xxxx
for <xx.yyy@antichef.net>; Fri, 29 Aug 2008 xx:xx:xx GMT
...
Subject: LUCKY WINNER CONGRATULATIONS (xx: message 1 of 20)

I again zeroed the counter. And today, they reactivated the account with the counter set to 4:
Received: from webmail-srv1.servage.net (webmail-srv1.servage.net [77.232.66.249])
by gourmet.spamgourmet.com (8.13.8/8.13.7) with ESMTP id xxxx
for <xx.yyy@antichef.net>; Mon, 8 Sep 2008 xx:xx:xx GMT
...
Subject: Geschaft (xx: message 1 of 4)

This appears to be some sort of exploit of the spamgourmet software. I can't figure out how the message counter for this account is being reset. Has anyone else seen this? Any idea if there is a vulnerability in the system?

One possible vulnerability: perhaps there are special characters that make an address look like a new one to some parts of the spamgourmet software, but other parts of the software recognize the address as the old one (non-printing characters, for example).

[aside:]
- I've only recently become a victim of the "altered address" spam technique. Thank heavens for watchwords.
- I'm guessing the bad guys read these forums, too. Hi, bad guys.

Thanks for the fantastic service. I hope these bad guys don't spell trouble for the future.
ndvkroby
 
Posts: 9
Joined: Mon Sep 08, 2008 4:47 am
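
One way to spot the resets described in the post above from saved headers, as an added example that is not part of the original post and not spamgourmet's own code: it reads the Received line and the "(xx: message N of M)" subject tag and flags any message whose count fails to advance or whose limit differs from the previous one. The function names are hypothetical, and the messages are assumed to be listed in arrival order.

```python
import re

# Header excerpts as posted above ("xx"/"xxxx" placeholders kept as posted).
SAMPLES = [
    """Received: from qwerty.ru (host-77-41-108-148.qwerty.ru [77.41.108.148] (may be forged))
by gourmet.spamgourmet.com (8.13.8/8.13.7) with SMTP id xxxx
for <xx.yyy@antichef.net>; Thu, 28 Aug 2008 xx:xx:xx GMT
Subject: Murray won last night (xx: message 15 of 20)""",
    """Received: from outbound-mail-13.bluehost.com (outbound-mail-13.bluehost.com [69.89.18.113])
by gourmet.spamgourmet.com (8.13.8/8.13.7) with SMTP id xxxx
for <xx.yyy@antichef.net>; Fri, 29 Aug 2008 xx:xx:xx GMT
Subject: LUCKY WINNER CONGRATULATIONS (xx: message 1 of 20)""",
    """Received: from webmail-srv1.servage.net (webmail-srv1.servage.net [77.232.66.249])
by gourmet.spamgourmet.com (8.13.8/8.13.7) with ESMTP id xxxx
for <xx.yyy@antichef.net>; Mon, 8 Sep 2008 xx:xx:xx GMT
Subject: Geschaft (xx: message 1 of 4)""",
]

# Sending host, its IP, and the date after the ";" of the (possibly folded) Received header.
RECEIVED = re.compile(
    r"^Received: from (\S+) \(\S+ \[([0-9.]+)\].*?;\s*\w{3}, (\d{1,2} \w{3} \d{4})",
    re.M | re.S)
# Counter tag appended to the end of the subject line.
TAG = re.compile(r"^Subject: .*\(\S+: message (\d+) of (\d+)\)\s*$", re.M)

def parse(raw):
    """Return host, ip, date, count and limit for one message, or None if untagged."""
    r, t = RECEIVED.search(raw), TAG.search(raw)
    if not (r and t):
        return None
    return {"host": r.group(1), "ip": r.group(2), "date": r.group(3),
            "n": int(t.group(1)), "limit": int(t.group(2))}

def find_resets(raw_messages):
    """Flag messages whose counter tag is inconsistent with the previous message."""
    findings, prev = [], None
    for msg in filter(None, map(parse, raw_messages)):
        if prev is not None:
            reasons = []
            if msg["limit"] != prev["limit"]:
                reasons.append(f"limit changed {prev['limit']} -> {msg['limit']}")
            if msg["n"] <= prev["n"]:
                reasons.append(f"count did not advance ({msg['n']} after {prev['n']})")
            if reasons:
                findings.append((msg["date"], msg["ip"], reasons))
        prev = msg
    return findings

if __name__ == "__main__":
    for date, ip, reasons in find_resets(SAMPLES):
        print(date, ip, "; ".join(reasons))
```
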
