Tracking the "Crusader Spammer"

The latest...

29 Sep 95 Two new developments. One, the spam has continued from a machine in Italy. I (and I'm sure many others) have notified their contacts. Two, from communications with the admins of the French and German sites, it would seem that the spam originated at that site -- the spammers gained root access via the sendmail bug. At the moment a number of US and non-US agencies are looking for the perpetrators.

30 Sep 95 As of 5PM EST the script is still running on The admins there must have lost total control of their site, which means it may continue for a while. Also, someone started cancelling messages to the newsgroup that concern this spam. Whenever reporting any net-abuse, please be sure to include the complete headers with your message!!!

2 Oct 95 Well, it's been a day or two since we're seen any new email spams. I have been in touch with the IP feed for the Italian domain, and they are monitoring the situation. UUNET has tracked down who was issuing the forged cancels - they were coming from the same site in Italy as the forged email. (see logs in usenet section below).

3 Oct 95 I've been informed that the folks behind this are trying to send another spam, but are not currently succeeding. Hopefully this will continue to be the case, however, I expect the recent verdict in the OJ trial will prompt some response from them. Also, the forged cancels seem to be continuing for news.admin-net-abuse.misc. Therefore I am saving all cancelled posts from that group in the usenet section below.

6 Oct 95 It's been 3 days since the last update, and there's not much new to report. I've not heard of any attempts to repeat this, and the last mail was sent out very late on 30 Sept. This will be the last entry until something new occurs. Considering that both the white supremecist groups, and the more rational people of the net are all looking for who did this, I think the culprits will keep low-key for a while. Thanks to everyone who wrote in expressing their support.