Email Cluster Bomb Research


How does the attacker collect forms?
The attacker uses a program (a crawler) that looks for Web sites containing subscription forms. For example, a Web site where you can subscribe to receive free cooking recipes via e-mail might be exploited as a launch pad.

Phase I: Harvesting Suitable Forms

The first step in the attack is to locate and collect a sufficient number of forms, either legitimate (subscriptions to newsletters, alert services, postcards, etc.) or illegitimate (pop-ups, spam, etc.). This is done with a crawler, a program that looks for Web pages containing keywords such as e-mail, subscribe, etc.

Every Web page is created using HTML code. An attacker is interested in collecting Web sites that contain subscription forms with text input fields for e-mail addresses, similar to the following code:

<form method="GET" action="subscriptionPage.php">
Name: <input type="text" name="Name" value=""><br>
Email: <input type="text" name="E-mail" value="">
</form>

that produces this form in a Web page:

Name: [text input box]

E-mail: [text input box]
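A site owner can check their own pages for forms of this shape. The following is an added example, not part of the original page: it parses an HTML string and reports each form that accepts an e-mail address. The names `FormCollector` and `audit`, the field-name heuristic, the hidden-field check and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
EMAIL_HINT = re.compile(r"e-?mail", re.I)  # assumed field-name heuristic

class FormCollector(HTMLParser):  # records each <form> and its relevant inputs
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":  # HTML defaults to GET when no method is given
            self._cur = {"action": a.get("action", ""), "email_fields": [],
                         "method": (a.get("method") or "get").lower(), "hidden_fields": []}
        elif tag == "input" and self._cur is not None:
            itype, name = (a.get("type") or "text").lower(), a.get("name", "")
            if itype == "email" or (itype == "text" and EMAIL_HINT.search(name)):
                self._cur["email_fields"].append(name)
            elif itype == "hidden":
                self._cur["hidden_fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def audit(html):
    """Return one finding per form that accepts an e-mail address."""
    parser = FormCollector()
    parser.feed(html)
    parser.close()
    if parser._cur is not None:  # <form> never closed in the markup
        parser.forms.append(parser._cur)
    findings = []
    for form in (f for f in parser.forms if f["email_fields"]):
        notes = []
        if form["method"] == "get":
            notes.append("fields are sent in the URL query string")
        if not form["hidden_fields"]:
            notes.append("no hidden field that could carry a per-request token")
        findings.append({**form, "notes": notes})
    return findings

# Constructed sample: the form from this page, a search box, a POST sign-up form.
SAMPLE = """<form method="GET" action="subscriptionPage.php">
Name: <input type="text" name="Name" value=""><br>
Email: <input type="text" name="E-mail" value=""></form>
<form action="/search"><input type="text" name="q"></form>
<form method="post" action="/signup"><input type="email" name="addr">
<input type="hidden" name="token" value="constructed"></form>"""
```

`audit(SAMPLE)` returns two findings: the form from this page with both notes, and the POST form with none. The search box is skipped because it has no e-mail field.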


© 2004 Filippo Menczer, Markus Jakobsson, & The Trustees of Indiana University