Monday, April 14, 2008

sony gets hacked, i get spammed

so i'm sitting at work and i receive three e-mails from "" with the subject "Hello!!!". well, my first impression, since they were received on an internally known address, is that it's spam. i opened them and they were all the same. they had a link labeled "More beautiful woman information" to some Asian website and, since Thunderbird picked up on it being spam, a blocked image. i was curious what this image was (it was quite large, in size) so i viewed the message source: spoofed address from gmail and relayed through yahoo, looks like standard spammer junk ... ah! i found an image html tag that goes to (note: i split these into two lines so you could see the whole link):

i copied the address into Firefox, and replaced my e-mail address with the address they spoofed. in my address bar, i entered:

i pressed enter. a blank image appeared on my screen. it instantly clicked in my head what they must be trying to do. they send you an e-mail, you open it, it connects, and upon requesting this image it sends your e-mail address to them, confirming you are a real person. they are fishing for real people to spam.
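An added example, not part of the original post: a Python check that a mail filter or analyst could run over a raw message to flag the kind of image request described above, where a remote image URL carries the recipient's address. The sample message, addresses, URLs and function names are constructed for illustration, and the check also covers base64 and MD5 forms of the address, which goes beyond the plain-address case in the post.

```python
import base64
import hashlib
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import unquote

class ImgCollector(HTMLParser):
    """Collect the src of every remotely hosted <img> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://")):
            self.srcs.append(src)

def address_forms(addr):
    """Ways a sender might embed the recipient address in a URL (assumed set)."""
    return {
        "plain": addr.lower(),
        "base64": base64.b64encode(addr.encode()).decode().rstrip("="),
        "md5": hashlib.md5(addr.lower().encode()).hexdigest(),
    }

def find_beacons(raw_message, recipient):
    """Return (form, url) per remote image URL that identifies the recipient.
    base64 is matched case-sensitively, the other forms in lowercase."""
    msg = message_from_string(raw_message, policy=policy.default)
    forms, hits = address_forms(recipient), []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for src in collector.srcs:
            url = unquote(src)  # turn %40 back into @ before matching
            for form, needle in forms.items():
                if needle in (url if form == "base64" else url.lower()):
                    hits.append((form, src))
                    break
    return hits

# Constructed sample message; addresses and URLs are placeholders.
RCPT = "user@example.org"
SAMPLE = (
    "Subject: Hello!!!\nTo: user@example.org\nContent-Type: text/html; charset=utf-8\n\n"
    '<html><body><img src="http://192.0.2.10/a/pic.jpg?m=user%40example.org">'
    f'<img src="http://192.0.2.10/b.gif?h={hashlib.md5(RCPT.encode()).hexdigest()}">'
    '<img src="http://192.0.2.10/logo.gif"></body></html>\n'
)
```

Calling `find_beacons(SAMPLE, RCPT)` flags the first two images and leaves the plain logo alone; blocking remote images by default, as Thunderbird did here, keeps any of them from being fetched.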

i was curious if they were running apache or micro$oft's iis; i hacked off everything after the last whack:

damn! virtual directory listing denied. okay, let's request a document that probably doesn't exist.

yes! and it looks like we get the standard iis 404 page not found error. i was still curious who owned this box that had obviously been hacked. i attempted to browse to just the ip address, but nobody was home. i did a reverse dns check on the ip address, which turned up nothing. in my last attempt to find out who this address belonged to, i did a whois and got something:

% [ node-2]
% Whois data copyright terms

inetnum: -
netname: SONET-NET
country: TW
descr: Sony Network Taiwan Limited
descr: 2Fl., Building E, No. 19-13, San Chung Road
descr: Taipei Taiwan 115
admin-c: JC417-AP
tech-c: CC115-AP
changed: 20031125
source: APNIC

looks like our friends at Sony have been exploited, or are supporting it. well, i guess the moral of today's story is that a quitter never wins and never trust micro$oft.