ZDNet UK / News and Analysis / Business of IT / IT Strategy

Looping emails: Latest scourge of the Internet?

By Matt Loney, ZDNet.co.uk, 1 March, 2002 16:04

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

Spam, Email, Linux, Hackers, Attack, Suse, assault, Security, Denial of service

NEWS
When Roman Drahtmuller saw the volume of complaints his company was receiving from disgruntled emailers, some of whom had suddenly received hundreds of spam emails from the same source, he knew something was wrong. "We are in trouble," wrote the security expert, who works for Linux distributor SuSE in Germany, in a reply to the spam victims. He proceeded to explain why. The problem was that people around the world were apparently getting spammed by SuSE and up to 20 other companies. And the victims were not getting just one spam from each company, but hundreds. To make matters worse, every time one victim sent an email reply to complain, that email was forwarded on to everybody else on the list. Far from abating the torrent of spam, each complaint merely exacerbated the problem. There was, it seemed, nothing anybody could do. Although companies such as SuSE looked to be the cause of the problem they, too, were victims: the emails appeared to be coming from mailing lists including security@suse.com, said Drahtmuller, but they were in fact originating from savoixmagazine.com, the Web site of a Singapore-based women's magazine. So when Drahtmuller wanted to send out an email explaining the problem, it was easy to reach the victims; he simply sent his email to savoixmagazine.com. "This is the problem," wrote Drahtmuller. "Someone has set his mail system to forward all email going to latestissue@savoixmagazine.com to a large list of recipients, mainly mailing lists (which is the reason why I get these emails here: security@suse.com is also on this list)." In addition to security@suse.com, some help and subscribe lists were included; the type of addresses that tend to send out an automatic reply confirming receipt. All these automatic replies that were being sent back to savoixmagazine.com were bounced straight back out to the magazine's mailing entire mailing list -- including security@suse.com and the other such lists, resulting in a never-ending loop, and a torrent of emails for anybody unlucky enough to find themselves on the list. "I will therefore shutdown/blackhole our mailing list server... until the problems with latestissue@savoixmagazine.com are solved," wrote Drahtmuller. "We at SuSE are sorry for this incident, but since we are not responsible for what is going on, there is nothing much we can do against it." Most worryingly, said Drahtmuller, was that the actual culprits may not have been seeing the emails they produced. The SuSE/SavoixMagazine incident, while unusual, was not unique. A US-based data recovery company recently found itself in the same situation, though it is not clear whether in this case the company was to blame. When Drahtmuller contacted savoixmagazine.com's hosting company in the US, the situation slipped into the ridiculous as the hosting company tried to reply in Drahtmuller's native German language. "Even though we contacted them in English, they ran their response through Babelfish (translation software) so we couldn't understand what they were saying," he told ZDNet UK. "In the end we blocked their servers from our mail exchanges. We did what we could but the problem still existed." Drahtmuller said that SuSE fixed the problem quickly, "within 40 minutes", but added, "There were still mails in queues everywhere in world directed back to security list," and these emails continued to propagate the loop. Drahtmuller's belief was that the system administrators running savoixmagazine.com's server "didn't know what they were doing." The problem, he said, was that the server was stripping part of the email headers; this was why people receiving the emails did not see savoixmagazine.com's address at the top and instead believed them to be coming from SuSE's security mailing list. "At savoixmagazine.com the mail headers were cut so it was almost impossible to find out where the mail originated from," said Drahtmuller. The everyday analogy is a letter stripped of its envelope that had the original return address printed on it, repackaged in a new envelope with a different return address, and forwarded on. "Usually mail loops like this are not possible with Unix systems because they always maintain the headers," he added. Drahtmuller said the incident was probably an accident, rather than a malicious attack, but noted that it would be possible for a malicious person to create such an attack intentionally, and sometimes does happen when spammers forge sender addresses on email. "All you have to do is to get a set of email addresses, put them into a mailing list, and you could trigger such a loop. It doesn't happen frequently, but I have seen it a couple of times." Savoixmagazine.com was not available for comment.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section. Have your say instantly, and see what others have said. Go to the Security forum. Let the editors know what you think in the Mailroom.

Related stories

Scripting flaw leaves sites vulnerable

Security guru: Let's secure the Net

Cloud Nine sells up after DoS attack

Heart of England NHS begins massive digitisation plan

Hard-drive woes hit PC shipments in fourth quarter

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

Frederick Wrigley

I'be been using Mint 12 since the RC came out, and I am far more happy with the Cinnamon, the Mate, and, yes (with extensions), theGnome 3...

5 minutes ago by Frederick Wrigley via Facebook on A tale of two distros: Ubuntu and Linux Mint
bdantas

Excellent article. One small correction, though--although a fresh installation of Linux Mint 12 will, indeed, provide the user with a version of...

48 minutes ago by bdantas on A tale of two distros: Ubuntu and Linux Mint
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

1 hour ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

1 hour ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Moley

For Gnome 2 die-hards, it is possible to add icons to the bottom panel (or top top panel, if you prefer) which provide the exact Gnome 2...

2 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint
ramwellian

Your comments would seem pretty naive and immature. Your 'solution' appears to be, "gee, let's all just give in to the hackers and give them...

2 hours ago by ramwellian on Cloud computing security: no more oxymoron?
BugStalker

"Interesting thought ... If you installed Win7 as a dual boot on a machine that previously only had Linux, and it wrecked your Linux installation,...

3 hours ago by BugStalker on Windows 7 Declares War on GRUB
whs001

This is an excellent summary of Ubuntu and Mint and the interface differences between them. Most such articles take a very partisan position for...

3 hours ago by whs001 on A tale of two distros: Ubuntu and Linux Mint
Moley

@ewallace. Not so clear. Anyone can obtain the text, for example from here http://www.ustr.gov/webfm_send/2379. I support ACTA so long as it and...

3 hours ago by Moley on ACTA: Facts, misconceptions and questions
45283

I think WinRT is fantastic. I just wish it was an option for people that didn't want to go through Microsoft's App Store with its attendant...

6 hours ago by 45283 on Why Windows 8 needs architectural hygiene for WOA
Burn-IT

Nine people? £30m? Who's back pocket is that lot going in? And IF they say it is for new buildings, what about all the ones the government has...

7 hours ago by Burn-IT on Police set to launch three £30m e-crime hubs
ewallace

Just to be clear, nobody knows what is in the text of ACTA, here is a photograph of the text of ACTA http://twitpic.com/8h9iju as submitted to the...

7 hours ago by ewallace on ACTA: Facts, misconceptions and questions
fgvrg56

Unfortunately main issue is that ASUS is refusing to accept that they make some mistake on this version of asus Transformer prime. 1 - GPS sensor...

9 hours ago by fgvrg56 on Asus Eee Pad Transformer Prime Wi-Fi & GPS problems?
Ben Woods

@Marcus A fair question. Just talked with Archos which said it was working on an announcement for next week....

10 hours ago by Ben Woods on Archos confirms G9 Ice Cream Sandwich update schedule
Marcus Karlsson

Any update on this, considering the claimed "first week of February"?

11 hours ago by Marcus Karlsson via Facebook on Archos confirms G9 Ice Cream Sandwich update schedule
apexwm

Bill Goodrich : Just as al_langevin pointed out, with Windows Server 2008 there is no Services for Macintosh anymore. It's gone, not available....

19 hours ago by apexwm on Windows Server 2008 drops the ball for Mac compatibility
txtrainguy

Replying to an old topic that I'm currently facing with my CEO (who is on a Mac). Our servers are primarily Windows Servers, office is about...

1 day ago by txtrainguy on Windows Server 2008 drops the ball for Mac compatibility
k0tcs3

Sure, that makes perfect sense. Pay wrong-doers money and thank them for breaching your security and pointing out your flaws, that would surely...

1 day ago by k0tcs3 on US indicts Romanian over NASA climate change hack
Random_Error

I think he's referring specifically to Android apps, as Apple do regulate their App Store, but Google seem to let any old crap onto the Android store!

1 day ago by Random_Error on RIM: BlackBerry will keep 'garbage' apps out of store
Paul Fezziwig

Keep the crap apps out?! How will they compete with Android and Apple's claim to fame of having so many life changing apps? I wonder if the media...

1 day ago by Paul Fezziwig via Facebook on RIM: BlackBerry will keep 'garbage' apps out of store

Latest in IT Strategy

Heart of England NHS begins massive digitisation plan

Hard-drive woes hit PC shipments in fourth quarter

Featured white papers

How cloud adds strategy to IT outsourcing

SAVVIS

How cloud adds strategy to IT outsourcing

Thanks to cloud computing, IT outsourcing is back, but this time it can help both in cutting costs and helping the business... Read more

Tech breakthroughs to watch in 2012

ZDNet UK

Tech breakthroughs to watch in 2012

From invisibility cloaks to virtual atom smashing, from Cern to Nasa, this ZDNet UK guide presents the discoveries to watch in... Read more

Key trends driving global business resilience and risk

IBM

Key trends driving global business resilience and risk

This IBM research paper looks at how businesses are thinking more about business resilience by improving the ability to adapt to a continuously changing business... Read more

Inside ZDNet UK

A tale of two distros: Ubuntu and Linux Mint

A tale of two distros: Ubuntu and Linux Mint

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

BlackBerry Bold 9790

BlackBerry Bold 9790

Case study: How cloud enables growth

Case study: How cloud enables growth

Ten factors that make Ubuntu 11.10 a hit

Ten factors that make Ubuntu 11.10 a hit

Toshiba Portégé Z830-10P Review

Toshiba Portégé Z830-10P Review

BT's archive: Pictures from the vault

BT's archive: Pictures from the vault