rconner Posted July 13, 2007

It was nice of this spammer (tracking link) to show us the config file from his bulk-mailing program instead of the drug spam that he probably intended. It is full of interesting stuff.

-- rick
Farelf Posted July 15, 2007

I wonder if a competent web sleuth could use fragments of that code to track down the actual computer used to assemble the message? I mean, Googling bits of the code produces all sorts of hits on hijacked blogs as well as reported email and the like, all forming a volume of "observations" which some folk might be capable of analysing, correlating with traffic patterns, etc. Nah, just fantasy, isn't it? Too much "NCIS" and the like. Just a passing fancy; it would be nice to take the fight to the actual lair of the perpetrator. Where's Abigail Sciuto when you need her?
rconner Posted July 16, 2007 (Author)

Quoting Farelf: "I wonder if a competent web sleuth could use fragments of that code to track down the actual computer used to assemble the message?"

Sorry to confess to the un-American crime of not watching television, but I can't vouch for NCIS or Ms. Sciuto. However, I have myself cast a more critical eye over some of this data. I couldn't find much that would identify particular networks or servers, apart from an entry that apparently defines what nameservers the software is supposed to use:

    dns_list {
        207.217.126.81
        68.87.96.3
    }

...pointing respectively to Comcast and Earthlink NSs. We have a username and password that maybe we might use if we knew where:

    http_user = yoshi
    http_pass = yoshi1980

Happy 27th birthday, Yoshi. Here's some info about proxies:

    new_proxy_file = /home/dist/proxies.new
    proxy_delete_bad_on_start = true
    proxies_alloc = 55000

Wow, making room for 55,000 zombies? And wouldn't you (or the FBI) like to have a peek at /home/dist/proxies.new? Here are some interesting entries related to realtime block lists. I've no idea what they mean:

    rbl_penalty = 0
    rbl_penalty_blockset = 0
    rbl_expiry = 0

Most of the rest seems to be tuning for the executable: thread control, connection control, etc. No idea what kind of bulker software this is, or where it is running.

-- rick
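Triaging a leaked bulk-mailer config like the one rick quotes above usually means pulling the same things he pulled by hand: IP addresses, credential pairs, file paths, capacity counters and block-list tuning. The script below is an added example, not code from the original thread or from the mailer in question; it parses the two syntaxes visible in the quoted fragments (`key = value` lines and `key { item ... }` list blocks) and turns them into a small indicator list. The config text is reconstructed from the fragments on the page, and the assumption that any `*_user` key pairs with a `*_pass`-style key is mine, not something the page states.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample: the fragments quoted in the post, assembled into one
# plausible config text. Only keys that appear on the page are used.
SAMPLE_CONFIG = """
dns_list {
    207.217.126.81
    68.87.96.3
}
http_user = yoshi
http_pass = yoshi1980
new_proxy_file = /home/dist/proxies.new
proxy_delete_bad_on_start = true
proxies_alloc = 55000
rbl_penalty = 0
rbl_penalty_blockset = 0
rbl_expiry = 0
"""

BLOCK_OPEN = re.compile(r"^(\w+)\s*\{\s*(.*)$")
ASSIGN = re.compile(r"^(\w+)\s*=\s*(.*)$")


def parse_config(text):
    """Parse 'key = value' lines and 'key { item ... }' blocks into a dict.
    Scalar keys map to str, block keys map to a list of tokens.
    Comment handling ('#' to end of line) is an assumption about the format."""
    result = {}
    current = None  # name of the block currently being read, if any
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if current is not None:
            # Inside a block: tokens up to the closing brace belong to it.
            body, closed = (line.split("}", 1)[0], True) if "}" in line else (line, False)
            result[current].extend(body.split())
            if closed:
                current = None
            continue
        m = BLOCK_OPEN.match(line)
        if m:
            key, rest = m.group(1), m.group(2)
            result[key] = []
            if "}" in rest:  # single-line block: key { a b }
                result[key].extend(rest.split("}", 1)[0].split())
            else:
                result[key].extend(rest.split())
                current = key
            continue
        m = ASSIGN.match(line)
        if m:
            result[m.group(1)] = m.group(2).strip()
    return result


@dataclass
class Indicators:
    ips: list = field(default_factory=list)          # (key, ip) for routable addresses
    credentials: list = field(default_factory=list)  # (prefix, user, password)
    paths: list = field(default_factory=list)        # (key, absolute path)
    counters: dict = field(default_factory=dict)     # integer-valued settings
    rbl: dict = field(default_factory=dict)          # rbl_* settings, as written


def extract_indicators(cfg):
    """Walk the parsed config and classify values worth following up on."""
    ind = Indicators()
    for key, val in cfg.items():
        values = val if isinstance(val, list) else [val]
        for v in values:
            try:
                ip = ipaddress.ip_address(v)
            except ValueError:
                continue
            if ip.is_global:  # drop loopback/private noise
                ind.ips.append((key, str(ip)))
        if isinstance(val, str):
            if val.startswith("/"):
                ind.paths.append((key, val))
            if val.isdigit():
                ind.counters[key] = int(val)
            if key.startswith("rbl_"):
                ind.rbl[key] = val
            if key.endswith("_user"):
                prefix = key[: -len("_user")]
                for suffix in ("_pass", "_password", "_pwd"):  # assumed naming
                    if prefix + suffix in cfg:
                        ind.credentials.append((prefix, val, cfg[prefix + suffix]))
    return ind


def pivot_terms(ind):
    """Strings distinctive enough to search for across other reports."""
    terms = {cred[1] for cred in ind.credentials} | {cred[2] for cred in ind.credentials}
    terms |= {path for _, path in ind.paths}
    return sorted(terms)


if __name__ == "__main__":
    indicators = extract_indicators(parse_config(SAMPLE_CONFIG))
    print(indicators)
    print("pivots:", pivot_terms(indicators))
```

Running it on the reconstructed text yields the two nameserver addresses, the `http` credential pair, the proxy file path, the 55000 allocation and the three zeroed `rbl_*` keys; `pivot_terms` gives the handful of strings (username, password, path) worth searching elsewhere, which is roughly what the later posts in this thread did by hand.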
Spamnophobic Posted July 16, 2007

A little googling shows that yoshi1980, bless his little cotton socks, is quite one of the most talked-about spammers on the Internet at the moment. His little blunder is being relished far and wide. Apart from this, I noticed that there is also a yoshi1980 on a German singles website.
This topic is now archived and is closed to further replies.