First published: 28th February 2007
A UK-based security consultant has warned that the “contact us” feature on many corporate websites makes it easy to launch DoS attacks on the organisation’s mail servers. The situation can occur if the “contact us” feature generates an email to an internal server: an attacker can automate submissions with a script, potentially generating sufficient mail to overwhelm the mail server. Using a botnet to run the script would increase the potency of the attack.
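The sketch below is an added example, not code from the article or the consultant. It shows a throttle in front of the form's mail step: a per-client limit stops a single scripted source, while only a form-wide budget bounds the mail a distributed sender can generate. The `ContactFormThrottle` class, the limits and the sample traffic are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque


class ContactFormThrottle:
    """Decide whether a contact-form submission may generate an email."""

    def __init__(self, per_client=3, global_cap=30, window=60.0):
        self.per_client = per_client  # mails per client per window (assumed limit)
        self.global_cap = global_cap  # mails from the whole form per window (assumed limit)
        self.window = window          # sliding window length in seconds
        self.by_client = defaultdict(deque)
        self.all_sent = deque()

    def _expire(self, queue, now):
        # Drop timestamps that have aged out of the sliding window.
        while queue and now - queue[0] >= self.window:
            queue.popleft()

    def allow(self, client_ip, now=None):
        now = time.monotonic() if now is None else now
        sent = self.by_client[client_ip]
        self._expire(sent, now)
        self._expire(self.all_sent, now)
        if len(sent) >= self.per_client:
            return "reject-client"   # one source submitting too fast
        if len(self.all_sent) >= self.global_cap:
            return "reject-global"   # many sources, mail budget exhausted
        sent.append(now)
        self.all_sent.append(now)
        return "send"


def simulate(events, **limits):
    """Replay (timestamp, client_ip) events and count each decision."""
    throttle = ContactFormThrottle(**limits)
    counts = defaultdict(int)
    for ts, ip in events:
        counts[throttle.allow(ip, now=ts)] += 1
    return dict(counts)


# Constructed sample traffic (documentation address ranges), not real logs.
SINGLE_SOURCE = [(i * 0.1, "192.0.2.10") for i in range(100)]
DISTRIBUTED = [(i * 0.1, f"198.51.100.{i % 200}") for i in range(200)]

if __name__ == "__main__":
    print("single source:", simulate(SINGLE_SOURCE))
    print("distributed:  ", simulate(DISTRIBUTED))
```

In the distributed run no client ever exceeds its own limit, so every rejection comes from the form-wide budget. Submissions rejected there can be stored for later review rather than mailed, so the mail server never sees the burst.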