OWASP AppSec Conf Delhi – Day 2; and more

The pictures of Day 2 are here.

The second day consisted of 6 workshops: 3 before lunch and 3 after. I was torn between Sheeraj Shah's and Mano Paul's workshops in the first half, and between Jason Li's talk on "Web 2.0 Security" and the "Secure Code Review" workshop (originally by Dinis Cruz, but conducted by Gaurav Kumar of Microsoft) in the second half.

Threat Modelling - Mano Paul

Mano Paul

Choosing Mano Paul's workshop on Threat Modelling was relatively easy, because I am trying to push Threat Modelling in my company. However, the disappointment of missing Sheeraj's talk was no less. Still, I must confess Mano Paul is one heck of a presenter. I guess experience always counts.

Code Review - Gaurav Kumar

Gaurav Kumar

The decision for the second half was pretty tough. I finally chose the Secure Code Review workshop over Jason Li's talk, because I have a personal interest in code review, and because the workshop was to be conducted by Dinis Cruz. Since we had to pre-select the talks, there was no scope to change it later. Needless to say, I was a bit disappointed initially. However, I must also mention that I don't regret attending it. It was conducted by Gaurav Kumar, Ace Team, Microsoft. The best part about him, apart from the fact that he knows his stuff, is that he took all the M$ jokes sportingly :).

Bipin with Walter and Jordan

I also got to meet Jordan Forssman (Armorize) and Walter Tsai (CTO, Armorize), although I regret not being able to spend enough time with them and talk some geeky stuff. Oh, and yes, Walter gifted me and Amit the 31337 Armorize T-shirts :D. I also got to meet a couple more like-minded people, though very briefly; I couldn't exchange cards with all of them. Lava (whom I met during Gaurav's workshop) contacted me today via this blog. It feels great to be in touch with fellow geeks and to be able to share the geekiness ;). I'd like to be in touch with the others too. Please feel free to buzz me.

I must admit, the hangover remained for quite a few days. It motivated us to evaluate the possibility of another OWASP conf in Bangalore. We'll be discussing it at the next meet. For now, I have another interesting announcement to make. The OWASP Bangalore Chapter is starting Open Workshops for developers, students, and anyone interested in learning about Web Security. The first one is on Sept. 7th, at Microland, Bellandur. If you are interested, kindly drop me a mail; or, even better, join the OWASP Bangalore mailing list and put up your details.

A Phish floating in Google Survey!

Demo

1. Phizy-Phizy-Phizy

I have always loved making this phizy-phizy-phizy sound purposelessly, which I once heard in a Rob Schneider movie (which, if I remember correctly, was a pathetic movie). Anyhoo! I now have a set of very strong reasons to move around repeating the same lines.
First, we received a request to be involved in a discussion on a Risk Assessment Model for a banking site. This model had to be focused on Two Factor Authentication and Phishing. The brainstorming gave me a couple of interesting avenues to work on. Hopefully, I'll be writing more on this pretty soon.
Secondly, Peter Thomas (one of my amazing bosses) forwarded me the link to the latest research by Nitesh Dhanjani & Billy Rios. They virtually infiltrated the phishers' ecosystem and have come up with some very interesting information.
Thirdly, my friend Swen called me up to let me know about a phishing mail, claiming to be a Google survey, that had landed in his mailbox. He was excited for two reasons:
a) He had received a phishing mail for the first time, and I guess you all remember the excitement of discovering your first phishing mail.
b) He is a Google fan, and is worried about the safety of the vast user base Google has. Obviously, his concern isn't without reason.
by-mcbeth www.flickr.com/photos/mcbeth/235875/

2. A Phish named GoogleSurvey

As I mentioned, Swen informed me about the shiny phish called GoogleSurvey. It presents a page that looks exactly like the Google login page and asks you to log in in order to complete the survey. If you log in, you are presented with 3 questions, one by one. At the end you are thanked for completing the survey.

3. Anatomy of Google-Survey-Phish gills

The Google Survey Phish isn't sophisticated by ANY standards. Clearly, it's done by some n00b, and was probably deployed using a very cheap phishing kit. However, it's really interesting to understand how it works.
The first page you encounter while analyzing is http://www.googlesurvey.co.nr/, which, I must admit, looks very similar to the Google Mail login page. A look at the source code reveals that this is not the original page. The Google Mail look-alike page is actually located at http://googlesurvey.99k.org/; http://www.googlesurvey.co.nr/ only frames that page with 100% width and a 0px border, so the address bar shows the .co.nr domain while the content comes from the free host.

Another interesting point to note is that the phisher used a free hosting service, http://www.zymic.com/free-web-hosting/. Thus, theoretically, he/she cannot be traced. Not via the hosting service, at least. :)

Now, when you enter your ID and password, the data is sent to a PHP script on the server, located at http://googlesurvey.99k.org/LoginAuth.php. Quite obviously, this script stores/mails your credentials to someone who's not a very pleasant person.
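To make the two indicators above checkable (a shell page that only frames a foreign host, and a login form whose credentials go to a PHP script on a free host), here is an added Python example, not code from the post or from the phishing kit: it parses a fetched page for cross-origin frames and password forms posting outside an assumed allowlist (TRUSTED_LOGIN_HOSTS is my assumption), and the sample HTML is constructed to mirror the pages described.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed allowlist of hosts that may legitimately receive Google credentials
# (my assumption for this example; a real deployment maintains its own list).
TRUSTED_LOGIN_HOSTS = {"www.google.com", "accounts.google.com"}


class _Collector(HTMLParser):
    """Collects frame sources and forms, noting which forms carry a password field."""

    def __init__(self):
        super().__init__()
        self.frames = []   # src of every <frame>/<iframe>
        self.forms = []    # {"action": str, "has_password": bool} per <form>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # valueless attrs (noresize) become ""
        if tag in ("frame", "iframe") and a.get("src"):
            self.frames.append(a["src"])
        elif tag == "form":
            self.forms.append({"action": a.get("action", ""), "has_password": False})
        elif tag == "input" and a.get("type", "").lower() == "password" and self.forms:
            self.forms[-1]["has_password"] = True


def analyze(html, page_url):
    """Return a list of (indicator, detail) tuples for one fetched page.

    cross-origin-frame         the page is only a shell framing another host
    untrusted-credential-post  a password form posts to a host outside the allowlist
    plaintext-credential-post  a password form posts over plain http
    """
    c = _Collector()
    c.feed(html)
    page_host = urlsplit(page_url).netloc.lower()
    findings = []
    for src in c.frames:
        host = urlsplit(urljoin(page_url, src)).netloc.lower()
        if host and host != page_host:
            findings.append(("cross-origin-frame", host))
    for form in c.forms:
        if not form["has_password"]:
            continue
        target = urlsplit(urljoin(page_url, form["action"]))   # resolves relative actions
        if target.netloc.lower() not in TRUSTED_LOGIN_HOSTS:
            findings.append(("untrusted-credential-post", target.netloc.lower()))
        if target.scheme != "https":
            findings.append(("plaintext-credential-post", target.geturl()))
    return findings


# Constructed samples modelled on the two pages described above (not captured content).
LANDING_URL = "http://www.googlesurvey.co.nr/"
LANDING_HTML = """<html><frameset rows="100%">
<frame src="http://googlesurvey.99k.org/" frameborder="0" noresize>
</frameset></html>"""

LOGIN_URL = "http://googlesurvey.99k.org/"
LOGIN_HTML = """<html><body><form method="post" action="LoginAuth.php">
<input type="text" name="user"> <input type="password" name="pass">
<input type="submit" value="Sign in"></form></body></html>"""

if __name__ == "__main__":
    for url, page in ((LANDING_URL, LANDING_HTML), (LOGIN_URL, LOGIN_HTML)):
        print(url, analyze(page, url))
```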

4. Demo: Farming your own Phishes for fun & profit *cough*

The world of phishing is so dark, deep, safe, easy, and seductive that a person with even a slight malign streak would be tempted to farm his/her own phishes and make easy money. I set up my phishing domain for educational purposes. It also shows how quickly you can set up your very own phishing portal, sometimes even without a phishing kit. The domain I've set up has the following flaws (introduced to prevent me from getting screwed by some half-witted law enforcer):
1. The domain points at Yahoo!, while the page displayed is similar to the GMail login page.
2. The information entered is NOT stored. You can check it by entering garbage data.

I have used the same page used by the GoogleSurvey Phish, and also used the same free hosting service.

5. Conclusion

It's almost impossible to prevent users from getting phished. People will continue to click on links they receive in their inbox and <sarcasm>proceed to win an iPod</sarcasm>. Reducing phishing requires a number of things to be in place: sensible developers, well-informed end users, smart browsers with phishing-aware features (IE7, Fx2 etc.), a few toolbars like NetCraft's to be installed, etc. etc. And even doing all this doesn't guarantee saving a user who is ignorant of phishing. I mean, how do you save a person who doesn't even know that such a kind of fraud exists?
Moreover, the URI vulnerabilities have added another dimension to the whole phishing scene. :)

AdSense exploited by malware (Trojan.Qhost.WU)

1. Life & Code

By http://www.flickr.com/photos/13798876@N02/1466880287/

(The title of this section is taken from Johnny's blog of the same name, Life and Code. Although my use of the phrase isn't in line with Johnny's, I couldn't resist using it. :) )

Life: Three days ago I found that there are some strange entries in my local Apache web server logs. Something like:
127.0.0.1 - - [18/Dec/2007:19:39:26 +0530] "GET /iview/msnnkhac001160x600Xdig1600000185msn/direct;wi.160;hi.600/01 HTTP/1.1" 404 352
127.0.0.1 - - [18/Dec/2007:19:42:19 +0530] "GET /pagead/show_ads.js HTTP/1.1" 404 320

Code: Bitdefender reports that a piece of malware, termed Trojan.Qhost.WU, is redirecting all the requests the victim's browser makes to Google's ad server (page2.googlesyndication.com) to a rogue ad server.

2. Impact of the issue:

Reportedly, a big part of Google's earnings comes from its ad services. Thus this trojan is not only depriving Google of its earnings, but also the publishers who work hard and hope to make a quick buck for their evening coffee.

3. The enigmatic “hosts” file:

You all know that every system connected directly to the internet is assigned a unique IP address. A domain name (e.g. http://projectbee.org) is nothing but a unique name assigned to an IP address (although more than one domain name can be mapped to the same IP address, that is not our concern right now). This mapping is stored in DNS servers. Each time the browser tries to open a site, a nearby DNS server is queried to find the IP address.
However, before all this, the "DNS server" of your local system, the hosts file, is consulted. (Don't mistake me, this DNS server is just a metaphor :) ). The hosts file stores domain-name-to-IP-address mappings for names that don't need a query to a DNS server; e.g., localhost is mapped to 127.0.0.1, the loopback IP, i.e. the IP of the local system.
On Windows 2000/NT and later it's located at %systemroot%\system32\drivers\etc\hosts, and on *nix systems at /etc/hosts. More info on the location can be found here.

Now, coming back to my problem: unable to find any satisfactory answer, I posted it on Slackers. Giorgio Maone, better known as the author of the awesome NoScript plugin for Fx, immediately responded and asked me to check my hosts file.
I had added a number of entries for ad-serving sites, pointing them to the local IP in my hosts file, and forgotten about it. I did this to prevent ads from being loaded. Hence, each time any of these sites was called, the hosts file redirected the request to my local server, which logged a 404 for the ad path.
So, pretty obviously, I was/am not infected.
"Why do you post the junk about your issue then?", you ask.
"Because it was a strange coincidence, and because I can, honey :P"

4. How the exploit works?

It's fairly simple: the malware modifies your hosts file and adds an entry for page2.googlesyndication.com, so that the DNS lookup is skipped and all requests go to the malicious server instead.

5. How do I protect myself?

1. Locate your hosts file and remove any entry for page2.googlesyndication.com. Alternatively, you can modify the entry to point to your local IP, in case you don't wish to see those ads.
2. Let your Antivirus/AntiSpyware do it for you.
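The author's own ad-blocking entries and the trojan's entry differ only in where the name is pointed, so here is an added Python audit (my example, not from the post or from Bitdefender) that parses a hosts file, reports every public name it overrides, and drops the hijacked lines as step 1 suggests; WATCHLIST, the verdict names, and the sample file with its 203.0.113.45 placeholder address are my constructions.

```python
import ipaddress

# The domain the write-up names; extend the set for your own environment.
WATCHLIST = {"page2.googlesyndication.com"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file,
    skipping blank lines, comment lines and trailing '# ...' remarks."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:          # one IP may be followed by several names
            yield n, fields[0], name.lower()


def is_public_name(name):
    """Names that should normally be resolved by DNS, not by the hosts file."""
    return "." in name and not name.endswith(".local")


def verdict(ip, name, watchlist):
    """sinkholed: points at the local machine (what the author did on purpose);
    hijacked: a watched domain points somewhere else (what the trojan does);
    redirected: any other public name sent off-host, worth a look."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback or addr.is_unspecified:   # 127.0.0.1, ::1, 0.0.0.0
        return "sinkholed"
    return "hijacked" if name in watchlist else "redirected"


def audit(text, watchlist=WATCHLIST):
    """Return [(line_no, hostname, ip, verdict)] for every public name in the file."""
    return [(n, name, ip, verdict(ip, name, watchlist))
            for n, ip, name in parse_hosts(text) if is_public_name(name)]


def repair(text, watchlist=WATCHLIST):
    """Return the hosts text with hijacked lines dropped (fix no. 1 above)."""
    bad = {n for n, _, _, v in audit(text, watchlist) if v == "hijacked"}
    kept = [line for n, line in enumerate(text.splitlines(), 1) if n not in bad]
    return "\n".join(kept) + "\n"


# Constructed sample covering both situations described in the post.
SAMPLE_HOSTS = """\
# constructed sample, not a real hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com              # my own ad-blocking entry: harmless
203.0.113.45    page2.googlesyndication.com  # what Trojan.Qhost.WU adds (placeholder IP)
192.168.1.10    printer.local
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for n, name, ip, v in audit(text):
        print(f"line {n}: {name} -> {ip}: {v}")
```

Run it with the path from the post as the first argument (%systemroot%\system32\drivers\etc\hosts or /etc/hosts) to audit your own machine.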

6. Conclusion

What! Dump M$ Windows for Linux. :P
Seriously, “Linux ain’t easy to use” is a myth. Moreover, if you are into flashy looks, try compiz-beryl package. It IS Awesome… (and consumes amazingly less resources than…uh Vista.)

7. Bonus Tip

In case you wish to prevent your kids, partner (or even parents) from visiting some sites, or do not wish those crappy ads to be loaded, you might consider editing your hosts file. For more information, or even sample hosts files, use Yahoo! search.

Orkut Latest XSS Worm; and what it means for Indian Orkuteers

Update: Kishor reports a flaw in the implementation of “private” videos feature on Orkut. Although I am at office and I haven’t checked it yet myself, I believe I can trust him, based on his posts at Slackers. Nice one Kishor. :)

1. YAWN [Yet Another Worm, Nanny]

http://flickr.com/photos/aqlott/1735501790/

Orkut (Google's MySpace and Facebook for India, Pakistan and Brazil) has been hit by an XSS worm. It's useless to say, but I am not able to resist, so I'll say it anyway: it's not the first time that a social networking site has been attacked by an XSS worm. In fact these sites are the primary target for a number of reasons: easier gullibility, exponential reach, huge amounts of data waiting to be harvested, Web 2.0, etc. etc. etc. There's a good compilation of XSS worms going on at Slackers (social n/w worms or not).
Anyhoo. This incident has already been reported by a number of bloggers, so I won't dive into the technical details. However, this worm seems to be harmless, and is fixed for now.

2. What it did?

If you viewed a message "2008 vem ai… que ele comece mto bem para vc" in your scrapbook, there is a big probability that you're infected. You were added to a community named "Infectados pelo Vírus do Orkut" at http://www.orkut.com/CommunityJoin.aspx?cmm=44001818. The worm then forwards itself to the scrapbook of all your contacts (on your behalf). Any doubts on it being exponential?

3. IT Act 2000 [pdf]

IT Act 2000 is India’s legal answer to the miscreants on the technological front. (I realize it’s a pathetic definition, so no flame on it please :) ). The trouble with IT Act 2000 is that the majority of law enforcers aren’t really aware of the real life scenarios. I’ll give a real case to support the point, in a while. Although I am no law expert (just a little bit of interest), I guess I can safely say that the Act needs a few amendments to include/modify a number of issues (e.g., SPAM, etc.)

So what happens when the implementation is in a nascent stage, and the enforcers are not completely educated?
Things get blown out of proportion. Things get painted in a completely new color. Things get… uh! fill them up yourself.

Chapter 11 of the Act defines the Offences – section 65 to section 78. For now, let’s have a look at Sections 65, and 67.
Section 65: Tampering with computer source documents.

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
Explanation: For the purposes of this section, “computer source code” means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

Section 67: Publishing of information which is obscene in electronic form.

Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

I have mostly been interested in section 67 (which, according to some in the law industry, also extends to SMS services :) )

Anyhoo. If you are interested in the punishments, here's the link. Have a look. You might be serving one someday ;)

5. Case Study

There have been quite a few cases revolving around Orkut, but the one that I'll be talking about (and the most relevant) is the one where the wrong man (named Lakshmana Kailash K) was put behind bars for 50 freakin' days. He was "reportedly" involved in the defamation of Chhatrapati Shivaji, a highly revered historical figure.
In case you aren’t aware, Orkut (Google) has signed a pact with Indian Law Enforcement. They pledge to “block any ‘defamatory or inflammatory content’, or hand over IP address information to police if asked”.

So what happened in the above case?
Law enforcers get a report about the defamation of Shivaji; they contact Orkut; Orkut gives the IP; the law enforcers run to the ISP (Airtel in this case); Airtel provides an address; guy put in jail.
Simple. Isn’t it?

The only trouble being that Airtel provided the wrong address.
Whoops! And bang! The dude spends 50 days straight, for something he didn’t do.
Neha Viswanathan, a blogger based in the UK, has a very nice write-up on the incident. Further, there's a very nice compilation of Cyber Crime cases in India at the IndiaCyberLab portal.

6. Putting the pieces of puzzle together

Let’s first collect all the pieces together:
1. Orkut has a pact with Indian Law Enforcement.
2. Law enforcers are incompetent *cough*.
3. Orkut (or any other similar site) still has XSS and CSRF flaws. Period.
4. XSS and CSRF let you (among a thousand other things) manipulate source code (section 65) and/or insert obscene/derogatory content (section 67).
5. XSS and CSRF let you post/manipulate data on some other person's behalf. (The Orkut/Samy etc. worms did not require you to click anywhere. Just load the page and the payload is inserted in your friend's scrapbook on your behalf.)

Now combine them all, and you'll realize that there might be a day when you just sent a "long time no scraps" scrap to your friend's scrapbook and went to bed. The next day, a bunch of cyber officers wake you up and arrest you for defaming Bala Saheb Thakrey.

…and yes! Don't talk about democracy. You've already seen that the politicians can get away with wrestling in the parliament arena that would put WWE stars to shame. On the contrary, a chap is detained for 50 days just because the cops thought that they had enough evidence.

7. Conclusion

What!
Stay away from social networking sites. Trust me, they are not worth the price.

Drive-by Download: Where Network Security Meets WebAppSec

DEMO

This post has been due since the Bank of India hack incident, and was fueled by PDP's Drive-by Java post, which is a very simple, yet well thought-out, extension (of sorts) of the Drive-by Download attack. This post is aimed at providing a clearer understanding of the Drive-by Download attack (via a demo).

Citing Wikipedia, any download that happens without the knowledge of the user can be referred to as a Drive-by Download (DBD). Pretty obviously, an attacker downloads (or uploads, depending on the perspective) malware, viruses etc., especially in the case of a zero-day. Now, I should also specify that by the sub-title "network security meets web application security" I simply wish to point out that viruses, malware and worms are not really a concern of WebAppSec. Please note that this excludes the JavaScript payloads.

Here is the video of Bank of India Hack, showing DBD in action.

Here is my demo of DBD in action.
All files downloaded to your system are 0 (zero) KB and are completely harmless. You’ve my word. :)

Apache Headache: “no listening sockets available”

Update 1: I was unable to configure MySQL. Reason: it was installed in C:\(blah-blah) and, probably, did not have write rights in the directory. Installing it to D:\(bigBlah) solved the issue. Duh!

Update 2: I see a fairly good amount of traffic coming here searching for the same problem. So, in case you are in a hurry, this is a summary to inform you that in all probability, YOU HAVE SOME SERVICE RUNNING ON PORT 80. Check using TCPView (if you are on Windows). Hope that helps. :)

I am currently working on an official XSS (Cross Site Scripting) presentation. I needed some screenshots of alert boxes and defaced site. So I installed Apache, configured it to work with PHP. (If you need help in installing and configuring MySQL, Apache and PHP, look here).

But this was the day before yesterday. Yesterday, I needed to make a quick change to the script, but… Apache wouldn't start. The error I was getting (using eventvwr) was:

>>> (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:80 .

It's pretty apparent that some other jerk was sitting and listening on port 80. Yesterday, however, was too hectic to discover the rat. Today, I ran TCPView (thanks to Shruthi for suggesting it) to discover that inetinfo.exe was the ra**al. TCPView is one of the nicest tools created by the guys at SysInternals, which was later acquired by Microsoft. Rats!

Anyway, the fun part was stopping the service. I couldn't kill it, neither using TCPView nor Task Manager. It would just spring back to life :)

So, finally I opened services.msc to stop the IIS server and change the automatic start mode to manual mode. Heck! I should have disabled… or even better, deleted the scoundrel. :D

So, if you have the same problem, you are in all probability in the office right now and hence may not be aware of what services are running. Use TCPView to discover all those unnecessary network services. It's a great tool. Further, you might also want to switch some stupid services from automatic start mode to manual (or disable them :P). Use services.msc.
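As an added example (mine, not from the post), this Python pre-flight check reproduces the bind that failed above: it tries to bind the Apache listen address itself and maps the resulting errno to the advice the post gives, and hold_port() stands in for the IIS process so the failure can be watched offline; the host and port arguments are assumptions.

```python
import errno
import socket


def probe_bind(port, host="0.0.0.0"):
    """Try to bind host:port the way Apache's make_sock does.

    Returns (True, 0) when the address is free, else (False, errno). On
    Windows the errno for "already in use" is 10048 (WSAEADDRINUSE), the
    number in the Apache message quoted above; on Linux it is 98. The
    socket is closed again at once, so the probe never holds the port.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return True, 0
    except OSError as e:
        return False, e.errno
    finally:
        s.close()


def explain(result):
    """Turn a probe_bind() result into the advice a human needs."""
    free, code = result
    if free:
        return "free"
    if code == errno.EADDRINUSE:
        return "in use: another service already listens here (TCPView / netstat -ano will name it)"
    if code in (errno.EACCES, getattr(errno, "WSAEACCES", errno.EACCES)):
        return "permission denied: binding a port below 1024 needs elevated rights"
    return f"bind failed with errno {code}"


def hold_port(host="127.0.0.1"):
    """Open a listener on an ephemeral port (standing in for IIS on port 80)
    and return it, so a caller can watch probe_bind() fail while it is open."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))     # port 0: let the OS pick a free one
    listener.listen(1)
    return listener


if __name__ == "__main__":
    import sys
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 80
    print(f"0.0.0.0:{port} is {explain(probe_bind(port))}")
```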

A 13 Year Old CEO!

Yes, you read it correctly. A 13 year old CEO and an 11 year old VP, Sales.

My grandmother is no businesswoman, but I always cite two of her sayings pertaining to business:

  1. Doctors can earn even in a jungle,
  2. People will never stop learning/studying (formal education), at least not in India.

I personally believe very strongly that education is an arena which hasn't been exploited properly. NOT YET. It has a lot more potential. O'Reilly's School of Technology is an additional confirmation of my theory. I even consider Safari a pretty smart and daring move.

I am also a very firm believer of the power of imparting lessons with fun, visuals or real life scenarios embedded in them. Some of the most prominent examples (that I am aware of) are:

  • The Head First series from O'Reilly.
  • The flash/video presentations available all over the net. Coincidentally, Roman Strobl wrote about the great feedback he has been getting on his presentations.

I was really happy to come across the news of a new venture called Elementeo, aimed at imparting chemistry lessons with the aid of games. The most remarkable thing about the venture is that its CEO is a 13 year old kid, Anshul Samar (of Indian origin, probably).
I really hope that these kids succeed in convincing some VC and eventually succeed in business too.

Looking at it all, I must say that my moves, which most people blamed me for :), are proving to be good too. I am currently co-working on a Java book which will be published by Wiley Publication. The USP of the book, IMHO, is the virtual content. Through these video presentations, we have tried to map theoretical concepts to real (and fantasy :D) world examples. The best one from the presentations, IMHO, is the one where we (actually Rupi came up with it :) ) map access modifiers to Duck Tales characters.
However, my favorite is the one where I have done exactly the reverse. I tried mapping my REAL LIFE into CODE. :P

Stay tuned for updates on the book… and wish us luck.

Apache-MySQL-PHP Installation & Configuration Tutorial for Beginners :)

Note: This article still seems to attract a fair bit of traffic. Just wanted to let you guys know that this is a pretty old article. PHP development environment has come a long way since then. You may want to download and use any of the following packaged environments instead: WAMP or XAMPP on Windows, or MAMP on OS X

In case you have any other queries, feel free to drop a note in the comments. I’ll try to answer.


This article is a very "narrow" tutorial aimed at complete beginners and dummies who want to start coding with AMP (Apache-MySQL-PHP) but do not want to read the manuals for installing and configuring them.
This write-up is very specifically targeted at, and applies to, the Windows platform.

Note: To get the real and complete understanding, spend some time with the manuals. They are the best source of information.

Installing and Configuring PHP5 with Apache

    1. Select the most appropriate mirror for you from the following: http://www.apache.org/dyn/closer.cgi/httpd/binaries/win32/ (for Apache), and http://www.php.net/downloads.php for PHP.
    2. Download apache_1.3.x-win32-x86-no_src.exe and the PHP 5.1.2 zip package (named PHP-5.x-win32).
        • DO NOT use Apache 2.x with PHP.
        • If you use PHP 4.x, make the appropriate changes in some of the steps given below.

Note:

  1. Install Apache by simply clicking on the exe file. The default path is C:\Program Files\Apache Group\Apache.
  2. Unzip the PHP file to C:\PHP.
  3. Add C:\PHP to system path.
  4. Backup and rename php.ini.dist to php.ini.
  5. Copy php5ts.dll and php.ini to %systemroot%.
  6. Copy php5apache.dll to C:\Program Files\Apache Group\Apache.
  7. Open cmd (command prompt) and run net stop apache (to obviously stop the server).
  8. Backup httpd.conf, located in C:\Program Files\Apache Group\Apache\conf, and then open it in an editor to add the following lines:
    • LoadModule php5_module php5apache.dll
    • AddType application/x-httpd-php .php
    • AddModule mod_php5.c [If you face any problems, remove this line and check again]
  9. Run net start apache.
  10. To check that everything is in place, write the following code in Notepad and save it as "phpinfo.php" (with the quotes).

<?php
phpinfo();
?>

  1. Place the file in your DocumentRoot directory. The default path is C:/Program Files/Apache Group/Apache/htdocs.
  2. Start your Mozilla Firefox browser (it's not mandatory, just a recommendation :P), and type http://localhost/phpinfo.php.
  3. If everything's fine, we'll see something like this:

[Screenshot: phpinfo.jpg]

Installing MySQL:

  1. We can find it in three shapes and sizes :D: the Complete Package, the Essentials Package and the Noinstall Archive. We'd go for the complete package, named mysql-[version]-win32.
  2. The installation part is of the click-next type.
  3. At the end of the installation, click to configure and choose the options as per your choice or as given below:
    • Detailed Configuration>Next
    • Developer Machine>Next
    • Multifunctional Database>Next
    • >Next
    • Manual Settings (choose 5)>Next
    • Enable TCP/IP (leave default port as 3306)>Next
    • Add to both Windows services and the system path>Next
    • Choose root password>Next
    • Execute.


Configuring MySQL & PHP:

  1. Open php.ini, located in %systemroot%, in an editor and uncomment the following line by removing the semicolon at the beginning of the line:
     extension=php_mysql.dll
  2. Copy php_mysql.dll and libmysql.dll from C:\PHP\ext to C:\PHP.
  3. To verify the configuration and administer MySQL, one may use phpMyAdmin, found at http://www.phpmyadmin.net/home_page/index.php. However, do make sure not to publish it along with the site :P.
  4. That's it. Happy Coding :). For any more queries, either leave your comments or refer to the manuals.

"COLUKABKI – AOL – MSN – YAHOO – RED CROSS"….. aaah Comm’n Gimme a break.

It's really interesting that even engineering students, who are supposed to have a very ANALYTICAL mind, are least bothered about verifying anything before believing it…… and that too when they have access to GOOGLE.

This blog of mine is in response to the hundreds and thousands of mails that are forwarded so that somewhere, somebody’s LIFE COULD BE SAVED BY FORWARDING THE BLOODY MAIL.
AOL, Yahoo, Red Cross, MSN etc. etc. etc. have donated a certain amount of money FOR EACH TIME THE MAIL IS FORWARDED (generally 1 cent).
Isn't that interesting???? I mean, what these sites could do generously (if they wished to), they do only when some BIG HEARTED person forwards the mail.
And guess what??? They do it without attaching any kind of tracker to the mail… Not to mention that doing anything even close to attaching a tracker would be a threat to an individual's privacy… :)

I cannot stop myself from sharing one other similar interesting mail. The mail said that an INDIAN BOY HAS CHALLENGED BILL GATES BY DEVELOPING AN O/S CALLED "O! YES", which is very Robust, Secure, blah blah blah… And HP has proposed to purchase it.
Now, the first thing… making such an O/S is no joke. This has nothing to do with the crappy nature of WINDOWS (hehehhe); it just means that it's very difficult for a young child to do so.
Secondly, if someone succeeded in doing so, this news would be the hottest one around…. not one which has to be passed on via email. :P And the most interesting part….. this mail has been doing the rounds for 5 years (at least) :))

These mails are generally used for two reasons:

  1. For fun…. or to make mockery of someone.
  2. For stealing your mail ID for spamming……. I know this is strange, but it's true. If you have any such mail in your mailbox, just try to count the number of email IDs in it…. and then imagine what you would do with them if you were a spammer. These mails are in fact sent by spammers so that they can harvest a reasonably beautiful number of such mail IDs.

JUNTA, please don’t feel bad if you have been forwarding such mails.
Obviously, nobody knows everything… but you can be a little careful when you receive such mails.

  1. Ignore such mails.
  2. If you really feel that the mail is genuine and need to be forwarded, GOOGLE some keywords contained in the mail,
  3. or forward it after removing all the previous email addresses.
  4. ALTERNATIVELY, YOU MAY ALSO DISTRIBUTE THE LINK TO THIS ARTICLE TO SPREAD AWARENESS :)