[Dshield] Spam Falloff (was Increased activity)

Jon R. Kibler Jon.Kibler at aset.com
Mon Aug 18 16:13:54 GMT 2003


Not sure what is going on, but I have to concur that spam is WAY down. 

We proxy check every system that connects to our MTA, and prior to last Tuesday, we had seen a steady increase in the number of new open proxy servers. Some hours we were finding as many as 50 or 60 new open proxies that had never before been reported. Now things have dropped down to 2 or 3 new open proxies every couple of hours.

The majority of the open proxy servers on the Internet result from spammers infecting unsuspecting user systems with various viruses and worms they have custom written. Some of these are known to take advantage of insecure Windoze shares and other like weaknesses.

I guess I have 3 thoughts on why spam may be down:
   1) With all the blocking of 135-139/TCP ports by ISPs and others, a security loop-hole that spammers were using to infect and access systems may now be closed, thus blocking their ability to send spam.
   2) Spammers systems have become infected and they are still busy cleaning up that mess.
   3) Spammers are laying low, now wanting to draw attention to their methods now that the Internet is under close scrutiny.

Haven't seen much info in various spam groups to give a clue what is going on.

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA

Craig Shaw wrote:
> John,
> Funny that you mention that. I've noticed a significant drop in spam showing
> up on my inbox since 11th of August (a 50% reduction). I had just thought it
> was spammers taking a vacation or something. :)
> Now I wonder if there was something else involved. Our ISP hasn't
> implemented any port blocking or anything that we know of (and they are very
> diligent in notifying us about any network changes).
> Maybe the spammer machines got infected? Anyone else have any ideas? Not
> that I mind - the reduced spam is a blessing. I'm just curious why all of a
> sudden it would fall way off.
> Craig Shaw
> Systems Administrator
> CAA Manitoba
> (204) 262-6035
> craigs at caamanitoba.com
> -----Original Message-----
> From: John Dalton [mailto:dubuque_1 at msn.com]
> Sent: 17-Aug-03 10:59
> To: General DShield Discussion List
> Subject: Re: [Dshield] Increased activity
> -snip-
> Why I post to this thread is the same friend told me that with the advent of
> the Blaster worm warnings, he noticed a significant drop in popup ads, but
> ALSO in spam type email, which he was at a loss to explain, unless the ISP
> instituted two fixes at the same time.
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list