Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spam my users


  • Please log in to reply
13 replies to this topic

#1 granada12

granada12

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 29 September 2016 - 10:31 AM

Hi Guys,

 

I want to do something special to sensitize my users to the danger of spam. We have a spam solution but some trash sometime make it through.

 

Here's the process i want to accomplish. 

 

1rst i sent an email to everyone of my organisation with a random email adress with a link in it. Whenever someone click the link it goes somewhere (possibly a web page) giving an error, but i get statistic of who or how many click that link.

 

Anyway you know to do that easily? I am no advanced programmer, i only know Html.

 

Thanks in advanced!



BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 29 September 2016 - 10:42 AM

You just need to search through the logs of the webserver, or the proxy server if your organization has one.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 granada12

granada12
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 29 September 2016 - 02:25 PM

Yes, i should have known. 

 

Thanks,



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 29 September 2016 - 02:28 PM

No problem.

 

Do you plan to use a web server on your network (private IP address) or on the Internet?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 granada12

granada12
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 29 September 2016 - 03:15 PM

I'm doing a web server on my network.



#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 29 September 2016 - 04:06 PM

OK, then you'll have the IP addresses of the workstations. It will only be a problem to identify users if you have a Citrix environment.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:07:48 AM

Posted 30 September 2016 - 01:02 AM

Rather than try to tie the caller's IP address to user, you say that you are forging the sender adderess (as as such would appear to be comfortable with some level of custmosation of the outgoing emails), why not customise the page that the dodgy link contains for each user as well? Then the page that they request from the server will indicate which individual email was responded to.

 

Additionally, you could dream up a questionable external domain name, add that domain to your internal domain servers with 'www' A record resolving to the IP address of internal web server. The links in the email would be crafted as pages on that server. Then if somebody does check the link before clicking on it, they will not see an internal server name (and use that as a defense as to why they thought it was safe).

 

x64



#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 30 September 2016 - 04:12 AM

If you're on a Windows-only network, enable Windows Authentication on the IIS server and configure logging to include the username. This way you'll see which user did click on the link.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 granada12

granada12
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 30 September 2016 - 06:37 AM

Thanks for the idea. I will apply those. The more "legit" it is the better.



#10 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 30 September 2016 - 06:45 AM

You're welcome.

 

Last tip: make sure that what you are doing is legal, and in line with your corporate policies.

I don't know in which country you reside, but there are countries where this would be a violation of privacy. Even on corporate networks.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#11 granada12

granada12
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 30 September 2016 - 07:24 AM

Im in Canada,

The CEO is aware of this project but he dont know when. (I want to catch him too :P)   I always protect my back.  Thanks for asking ;)



#12 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 30 September 2016 - 07:51 AM

In my experience, corporate users fall more for (UPS) Delivery Failure Notice phishing emails than other types of phishings.


Edited by Didier Stevens, 30 September 2016 - 07:55 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 granada12

granada12
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 30 September 2016 - 10:16 AM

Yeah, i know but sadly i dont think  i can gather stats for this kind of attack.

 

If you have an idea please let me know. :)



#14 JohnnyJammer

JohnnyJammer

  • Members
  • 1,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:04:48 PM

Posted 03 October 2016 - 06:27 PM

i made a april fools batch file that i placed on the network, when the users clicked it it would run the bath file with homer simpson and eject and open their cdrom 3 times and make some loud beeps.

Then it would show some text about clicking on links even though it appeared to come from me.

if you want it let me know, i can then just post it here.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users