---

Password Gropers Hit Peak Stupid, Take the Spamtrap Bait

Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: the users they are trying to access do not in fact exist. Instead, they’re take from the bsdly.net spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chancte that this is an elaborate prank or joke, but it’s more likely that via excessive automation, the password gropers have finally Peak Stupid.