What is a Mail Bomb?
Mail bombs exist in two forms: real and virtual.
Mail bomb concept
- In the Internet era, "mail bomb" refers to the e-mail bomb (in English, E-Mail Bomb). The sender uses special e-mail software to send mail continuously to the same recipient within a short period of time. The inbox is overwhelmed by these tens of millions of large-volume messages and eventually "explodes to death". On UNIX systems, a mail bomb can also have part of its contents turned into shell commands on the mail receiver. Such attacks range from small jokes to denial of service.
Mail bomb basics
- Earlier mail bombs targeted a single mailbox: they filled the target mailbox with a large number of data packets so that it could no longer receive new mail. As mail filtering technology has advanced, that attack has become less and less effective. Current e-mail bomb attacks show two obvious improvements over earlier ones: (1) The sending address can be forged arbitrarily, as can the header fields and the message text, so the mail passes through simple mail filters. (2) Using remote control and distributed attack techniques, the attacker first uses a Trojan to plant the malicious mail-sending software on computers in the network with weak security protection, turning each into an attack host controlled from behind the scenes, and then mobilizes all of these machines at the same time to launch a mail bomb attack on the target mailbox or server.
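Because the sender address is forged and the flood arrives from many hosts, a limit keyed on the sender never fires, while a sliding-window count per recipient does. The following is an added example, not part of the original page; the log format, thresholds and addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Assumed log format (constructed for this example): "<unix time> from=<a> to=<b> size=<bytes>"
LINE = re.compile(r"(\d+) from=<([^>]*)> to=<([^>]+)> size=(\d+)")


def parse(lines):
    """Yield (timestamp, sender, recipient, size) for every line that matches."""
    for line in lines:
        m = LINE.match(line)
        if m:
            yield int(m[1]), m[2].lower(), m[3].lower(), int(m[4])


def flood_alerts(events, key, window=60, max_msgs=20, max_bytes=50_000_000):
    """Return {address: time of first alert}, counting per "sender" or per "recipient".

    An address alerts when more than max_msgs messages or more than max_bytes bytes
    fall inside a sliding window of `window` seconds. Thresholds are assumed values.
    """
    recent = defaultdict(deque)          # address -> (timestamp, size) pairs in window
    volume = defaultdict(int)            # address -> bytes currently in window
    alerts = {}
    for ts, sender, recipient, size in events:
        addr = sender if key == "sender" else recipient
        queue = recent[addr]
        queue.append((ts, size))
        volume[addr] += size
        while ts - queue[0][0] >= window:        # drop entries older than the window
            volume[addr] -= queue.popleft()[1]
        if addr not in alerts and (len(queue) > max_msgs or volume[addr] > max_bytes):
            alerts[addr] = ts
    return alerts


# Constructed sample: 30 messages in 30 seconds to one mailbox, each with a different
# forged sender, mixed with two ordinary messages between other users.
SAMPLE = sorted(
    [f"{1700000000 + i} from=<u{i}@host{i}.example> to=<victim@corp.example> size=2000000"
     for i in range(30)]
    + ["1700000005 from=<alice@corp.example> to=<bob@corp.example> size=4000",
       "1700000040 from=<alice@corp.example> to=<bob@corp.example> size=5000"])
```

Events must be supplied in time order; on the sample, counting by sender raises no alert, while counting by recipient flags the flooded mailbox at the 21st message.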
Mail bomb hazard
- Mail bombs consume a lot of network resources, often cause network congestion, and prevent a large number of users from working properly. The mailbox capacity of an ordinary network user is very limited. If a user receives tens of thousands of e-mails in a short period of time, the total size of the mail after one round of bombing easily fills that limited space. The mailbox then has no room left for new mail, so new messages are lost or returned, and the mailbox is effectively useless. In addition, the large volume of data carried by these e-mail bombs travels back and forth across the network and easily clogs transmission channels with limited bandwidth, which increases the load on the server, slows the processing of other users' mail, and delays the entire process [3].
Mail bomb popular bomb tools
- A mail bomb is a destructive attack that sends a large number of files exceeding the mailbox's allotted space, so that the target mailbox cannot process the mail and becomes unusable. Some mail bomb tools are described below.
- EmailKiller
- EmailKiller is relatively troublesome among similar e-mail bombs. The address of the target mailbox is added under the "Target mailbox" option, but the length of each message sent is limited (depending on the capacity of the target mailbox), and the number of threads depends on the Internet speed. Under "Set Letter Content" the title and content of the message can be edited; when sent, the message is filled with garbled characters and sent automatically. The other options select the SMTP sending server address and the sender's mailbox address. Note that the server filled in must be the same as the sending server used by the sender's mailbox; the default value can also be used.
- MailBomb
- Red guest messenger
- Red guest messenger can send mail in bulk and is a kind of mail bomb used for "making trouble". Fill in the address of the target mailbox in the mailbox blacklist; the "+" sign adds the address to the send list and the "-" sign clears the target mailbox from the list. When sending mail with Red guest messenger, the default options can be used without adding content; it sends greeting-like letters to the target mailbox. If a message sent by Red guest messenger is opened, it occupies the target system's resources until the system crashes.
- Hard disk bomb
- Hard disk bombs specifically destroy hard disk data to cause damage to the other party, and can also prevent the target hard disk from booting.
- Jiang Min Bomb
- This is a very dangerous hard disk bomb. When run, it locks the hard disk head at a certain position in the boot area, causing pseudo-physical damage to the hard disk, so that systems above DOS 3.3 cannot start normally.
- When booting DOS, the computer searches all logical disks in order. DOS must first find the partition table information in the master boot sector, which starts at address 0BEH of the first sector on cylinder 0, side 0 of the hard disk. When the partition information begins with 80H, it indicates the primary boot partition; the rest are extended partitions. The primary boot partition is defined as logical drive C, the logical drive of the extended partition as drive D, and so on for E, F, G ... This is where the Jiangmin bomb works: it modifies the normal master boot partition record so that the first logical disk of the extended partition points to itself. After DOS finds the first logical disk at startup, looking for the next logical disk always finds the same one again, so an endless loop is formed. This is why booting from a floppy drive, an optical drive or a second hard disk also fails. In fact, the Jiangmin bomb only exploits a small flaw in the DOS startup process, yet it leaves many people helpless. Once the "locking" principle is known, unlocking is easier. One method is to "hot plug" the hard disk power: when starting the system, do not connect the power cord to the locked hard disk, wait for the boot to complete, and then "hot plug" the hard disk. If the hard disk is not burned out, the system can then control it. This is a very dangerous method; do not try it lightly. A simpler and safer method follows.
- Downloading the Jiangmin bomb recovery program is a simple and easy way to unlock. After decompressing the software there are 4 files: the description file readme.exe, the file for making the unlock disk, and two files that are the Jiangmin bomb itself. Their names are Jmbs.arj and JMBOS.Zip; they are actually compressed from the same single file, only with different extensions. After decompression you will see the file jmbs.exe, 1809 bytes in size. This is the Jiangmin bomb. If you accidentally run it, the machine's hard disk will be locked: the computer cannot be started from a floppy drive or an optical drive, and the hard disk is no different from a scrapped one. The solution is to copy rescue.exe to a blank floppy disk, insert it in the floppy drive and run it. After the OK message is displayed, you have an unlock disk for the Jiangmin bomb. You will find that there is no file on it. Don't be surprised, that's it. Use this recovery disk to start the machine. If the word unlock appears, the disk has been successfully unlocked.
- HDBreaker (Hard Disk Terminator)
- This is an extremely nasty hard disk bomb program. It is a Win32 PE program. Because it uses VxD technology, it can write hard disk sectors directly in the Windows environment, without waiting for a reboot to do its damage as other similar software must. It runs directly in Windows and starts destroying data immediately, without displaying any interface. Starting from the first physical sector of the hard disk (0 cylinder, 0 side, 1 sector), it writes junk data from memory. It is a dangerous tool with the same effect as a CIH attack. Do not experiment with it lightly. After the hard disk terminator has destroyed hard disk data, only Jiangmin's KVW3000 Antivirus King and Kingsoft Internet Security 2002 can successfully repair some of the data; other antivirus software cannot recover data damaged by it. The recovery disks created by all anti-virus software cannot recover the data of the C drive. In addition, the hard disk terminator runs only under Windows 95/98/Me, so it poses no threat to Windows 2000 and Windows XP users.
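The self-referencing logical-disk chain described above for the Jiangmin bomb can be detected offline by walking the chain with a record of sectors already visited. This is an added example, not code from the original page; it assumes the standard MBR layout with LBA start fields (table at byte offset 0x1BE, 55 AA signature), and the disk contents are constructed.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 0x1BE               # partition table offset in the standard MBR layout
EXTENDED = {0x05, 0x0F, 0x85}      # partition type bytes that mark an extended partition


def parse_table(sector):
    """Return the four (boot_flag, type, start_lba, sector_count) table entries."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xaa":
        raise ValueError("not a boot sector: 55 AA signature missing")
    return [struct.unpack_from("<B3xB3xII", sector, TABLE_OFFSET + 16 * i) for i in range(4)]


def walk_logical_chain(read_sector):
    """Follow the extended-partition chain; return (visited EBR sectors, loop_found)."""
    ext = next((e for e in parse_table(read_sector(0)) if e[1] in EXTENDED), None)
    if ext is None:
        return [], False
    base = current = ext[2]
    visited = []
    while True:
        if current in visited:
            return visited, True   # the chain points back at a sector already read
        visited.append(current)
        link = next((e for e in parse_table(read_sector(current)) if e[1] in EXTENDED), None)
        if link is None:
            return visited, False  # normal end of the chain
        current = base + link[2]   # link start is relative to the extended partition


def make_sector(entries):
    """Build a constructed boot sector from (boot_flag, type, start_lba, count) tuples."""
    sector = bytearray(SECTOR)
    for i, entry in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i, *entry)
    sector[510:] = b"\x55\xaa"
    return bytes(sector)


# Constructed disks, as {sector number: sector bytes}. Not taken from a real sample.
MBR = make_sector([(0x80, 0x06, 63, 1937), (0x00, 0x05, 2000, 2000)])
HEALTHY = {0: MBR, 2000: make_sector([(0, 0x06, 63, 937), (0, 0x05, 1000, 1000)]),
           3000: make_sector([(0, 0x06, 63, 937)])}
LOCKED = {0: MBR, 2000: make_sector([(0, 0x06, 63, 937), (0, 0x05, 0, 2000)])}
```

A boot-time parser without the visited check would never leave the loop on the `LOCKED` layout; with it, the walk stops after one sector and reports the loop.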
Mail bomb precautions
- 1. Don't arbitrarily disclose your mailbox address
- 2. Hide your email address
- 3. Use the automatic reply function with caution
- The "Auto Reply" function is well intended, but it can also produce a mail bomb. Imagine that both the receiving and the sending party have "Auto Reply" enabled and neither reads the mail in time: the repeated automatic replies create a mailbox bomb.
- 4. Patching
- Software design often contains unexpected errors and vulnerabilities, which are hidden dangers to the security and stability of the program. Keeping software up to date is therefore the simplest and most direct way to ensure system security.
- 5. Mail backup
- Mail backup methods differ from one piece of software to another, so this article does not go into detail. At a minimum, set up a dedicated directory for received mail and export the "address book".
- 6. Ask the ISP for help
- Once the mailbox has been bombed and you have no good way to deal with it, pick up the phone and ask your ISP for help; they will take measures to help you clear the E-mail Bomb.
- 7. Don't "make trouble"
- When chatting with others in a chat room or arguing with others on a forum, take care that your words are not excessive and avoid personal attacks. Otherwise
- 8. Use a filtering function
- Installing a filter (such as E-mail notify) in the mail software is the most effective precaution. Check the sender's profile before receiving any e-mail; if you find something suspicious, you can delete it and keep it out of your mail system. However, this approach sometimes deletes useful messages by mistake. If you are worried about someone maliciously destroying your mailbox by sending you a "blockbuster", you can enable filtering in your mail software and set your mail server to automatically delete large messages that exceed your mailbox capacity.
- 9. Use the forwarding function
- Some mail servers offer an "automatic forwarding" function to improve service quality. Using it can mitigate attacks by large-volume mail to a certain extent. Suppose you have applied for a forwarding mailbox: with its forwarding and filtering functions you can filter out all unwanted mail and delete it on the mail server, or redirect spam to one of your other free mailboxes. Or simply abandon the bombed mailbox and apply for a new one.
- 10. Use special tools
- If your mailbox has unfortunately been "hit" and you still want to keep this mailbox name, you can use mail tool software such as PoP-It to clear the spam. Such removal software can log in to the mail server and use its commands to delete unwanted mail while keeping useful messages [4].
Mail bomb considerations
- After a "bomb" attack, the first reaction may be extreme indignation towards the bored people behind it, together with the wish to "pay them back in their own coin", so that these "wicked people" also get a taste of being "bombed". Some angry victims may therefore think of "sending back" the entire bomb to the sender using the reply and forward functions of their e-mail. However, these cunning "evil people" may well expect to be scolded and retaliated against. To avoid that fate, they have already prepared their retreat: they change both the sender and the recipient address fields of the e-mail to the address of the person being attacked. If you try to retaliate, your "revenge" will not only fail, it will make you "lift a stone only to drop it on your own foot": your mailbox ends up even worse off, and the e-mails you send are returned to you indefinitely.
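Both the auto-reply loop from precaution 3 and the forged sender-equals-recipient trick described above can be stopped by a guard in the auto-responder itself. This is an added example, not from the original page: it follows the `Auto-Submitted` header convention of RFC 3834, and the class name, reply interval and addresses are assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

MIN_INTERVAL = 7 * 24 * 3600   # assumed policy: one auto-reply per sender per week


class AutoResponder:
    def __init__(self, own_address):
        self.own = own_address.lower()
        self.last_reply = {}            # sender address -> time of last auto-reply

    def maybe_reply(self, raw_message, now):
        """Return an auto-reply EmailMessage, or None when replying could feed a loop."""
        msg = message_from_string(raw_message)
        # Reply to the envelope sender when it is recorded, otherwise to From.
        sender = parseaddr(msg.get("Return-Path") or msg.get("From", ""))[1].lower()
        if not sender or sender == self.own:
            return None                 # bounce (null sender) or mail "from" ourselves
        if msg.get("Auto-Submitted", "no").strip().lower() != "no":
            return None                 # the message is itself an automatic reply
        if msg.get("Precedence", "").strip().lower() in {"bulk", "junk", "list"}:
            return None                 # mass or list mail
        if sender in self.last_reply and now - self.last_reply[sender] < MIN_INTERVAL:
            return None                 # this sender was answered recently
        self.last_reply[sender] = now
        reply = EmailMessage()
        reply["From"], reply["To"] = self.own, sender
        reply["Subject"] = "Auto: " + msg.get("Subject", "")
        reply["Auto-Submitted"] = "auto-replied"   # lets the peer's guard stop the loop
        reply.set_content("I am away and will read your message later.")
        return reply


def ping_pong(first_message, a, b, rounds=10):
    """Pass replies between two responders; return how many auto-replies were generated."""
    sent, raw, responders = 0, first_message, [a, b]
    for i in range(rounds):
        reply = responders[i % 2].maybe_reply(raw, now=i)
        if reply is None:
            break
        sent, raw = sent + 1, reply.as_string()
    return sent


# Constructed sample message from a human correspondent.
HUMAN = "From: carol@example.org\nTo: alice@example.com\nSubject: hello\n\nHi Alice\n"
```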
Mail bomb difference
- E-mail bombs are often confused with e-mail spamming, but the two are actually different. Spamming means that the sender sends the same e-mail to millions of different users (or to newsgroups) at the same time. It is mainly an advertising method used by some companies to promote their products, and it generally does not do much harm to the recipient.