[Dshield] Spam Falloff (was Increased activity)

David Kennedy CISSP david.kennedy at acm.org
Mon Aug 18 22:26:37 GMT 2003

At 01:37 PM 8/18/03 -0700, Darren Gasser wrote:
>Not that I've seen.  SoBig.B/Palyh and other variants used by spammers
>listen on either port 1080 or a semi-random high port.  I'm not aware of
>any other virus or worm that's commonly used by spammers which attaches to
>the Windows RPC service.

I've seen no proof that Sobig was actually used by spammers.  I'm not
saying they aren't and it's certainly a plausible theory, perhaps even
probable, but AFAIK, yet to be proven.

Here's another theory:  If spammers are using trojan/worm/virus-infected
computers, many of those computers got some overdue
maintenance/administration due to the flurry/frenzy of attention caused by
the Lovesan.A.  Those computers may not have had Lovsan, or did, whichever;
the updated AV now running may have caught all sorts of other nastiness and
fixed it.

Just a theory.

