[Dshield] What is spylog?

Ellen Clary ellen at dgi.com
Tue Jul 16 19:12:47 GMT 2002


Hi,

We just got this spam email from Spain (forged, but not relayed - see below),
and now since we're using SpamAssassin (highly recommended) the numbers are cut
down so dramatically that I have time to investigate the more unusual ones that
slip through.

I used SamSpade's safe browser to take a peek and, of course, it's all in
Russian, but there's a link to the front page:

http://www.samspade.org/t/safe?u=http://www.nospam.ru/

The front page references software called spylog (.com or .ru).  Anyone know
what it is?  A quick google showed lots and lots of Russian references.

Ellen Clary
Senior System Administrator
Dynamic Graphics

Spam Message:

>From demetrius at bk.ru  Tue Jul 16 08:33:50 2002
Return-Path: <demetrius at bk.ru>
Received: from brazil.dgi.com (rio.dgi.com [192.168.1.102])
	by pluto.dgi.com (8.8.8/8.8.8) with ESMTP id IAA22107
	for <syshelp at mailhost.dgi.com>; Tue, 16 Jul 2002 08:33:48 -0700 (PDT)
Received: from bk.ru (213-98-78-104.uc.nombres.ttd.es [213.98.78.104])
	by brazil.dgi.com (8.12.3/8.12.3) with SMTP id g6GFXWmx002155
	for <syshelp at dgi.com>; Tue, 16 Jul 2002 08:33:38 -0700
Message-Id: <200207161533.g6GFXWmx002155 at brazil.dgi.com>
From: "nospam at mail.com" <demetrius at bk.ru>
To: <syshelp at dgi.com>
Subject:  E-Mail
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Date: Mon, 15 Jul 2002 0:49:50 +0300
Mime-Version: 1.0
Content-Type: text/plain; charset="KOI8-R"
Lines: 2
X-Spam-Level: Score=0 (Less than 5 ok)
X-Scanned-By: MIMEDefang 2.8 (www dot roaringpenguin dot com slash mimedefang)
Status: OR

http://www.nospam.ru/nospam.html


---End of forwarded mail from "nospam at mail.com" <demetrius at bk.ru>




More information about the list mailing list