Tracking the "Crusader Spammer"

This is a slick hack, aimed at flooding the mailbox of National Alliance's netcom account, but instead it will torture thousands of mailing list and news admins all over the globe. Someone (possibly from netwest.com) posted the following message "From" listserv@netcom.com to a whole bunch of test groups.

Lots of machines all over the world, will see this "test" message and attempt to respond to "the author" -- listserv@netcom.com. When netcom's listserver sees this reply, it will think that treborle@netcom.com has requested to be subscribed to over 900 groups, and flood his mailbox. Even if he removes himself from those lists, the autoresponses will flood in for weeks, and put him right back on. (Note they also did this for 73323.603@compuserve.com - another National Alliance email address.)

This is a BAD idea, folks. This is going to create a huge nightmare for over 900 listserv maintainers, hundreds of news admins, and netcom's already overworked staff. The compuserve mailings are very quickly going to bounce with "full mailbox" errors, and those bounces will go back to the list owners -- and every time they remove that account, it'll be resubscribed.

Whoever pulled this gets a 9.5 for a slick hack, and minus 10 million for good thinking.


* The two small (unarmed) tests.
* The large attack on treborle@netcom.com
* The large attack on 73323.603@compuserve.com


By: lan@panix.com