[Dshield] Joe-job aftermath

Jon R. Kibler Jon.Kibler at aset.com
Sat Oct 4 17:39:59 GMT 2003


Nels Lindquist wrote:
> 
> Hi there.
> 
> We've been the victim of a joe-job which started last Friday and
> proceeded for a week (it's finally let up this morning, but that
> could be temporary).  I've collected a ton of bounce messages (looks
> like the spam run was directed primarily at Hotmail and MSN).
> 
> Unfortunately it appears that each message was relayed through a
> different blind proxy, so I've been unable to trace the original
> spammer(s) so far.  Does anyone know of a way to correlate open
> proxies with those who exploit them?
> 
> Any other suggestions as to possible action we could take?  I've
> already spoken to our ISP, but they have no ideas.

Monkeys.com was very close to achieving what you need when they were taken down.

No, other than logs (which seldom exist) on the compromised systems, you are out of luck.

Sincerely,
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list