[Dshield] UPD Spam

jayjwa jayjwa at atr2.ath.cx
Sun Apr 18 09:01:10 GMT 2004


On Fri, 16 Apr 2004, Miles Stevenson wrote:

> I have seen this happen to broadband users who are without a firewall.
> Unfortunately, it is starting to become commonplace for spammers to use the
> Windows messenger service for distribution. See:

> http://www.theregister.co.uk/2003/01/30/messenger_popup_spam_makes_us/

> If you continue to capture data, you may be able to convince the right people
> at Dartmouth to have the offending spammer disconnected. If you are REALLY
> lucky, they may even be convinced to filter outbound traffic, but that's a
> long shot. Firewall policies are often lax at universities.

...just got another round of them today, they must be spraying this
network. I know there's a lot of older, unpatched Win machines on it. This
time, the machine was in Chinanet's block (good luck, right? :P ). The
machine in question had an SSL'ed httpd with a certificate badly out of
date (expired). I don't think any admin would let that happen, so I'm
thinking it's a compromised system someone forgot about. I mailed
anti-spam at ns.chinanet.cn.com; told them about it. All the spams I've
gotten reference the same site- a site listed as "godaddy.com", an alias
for "secureserver.net", in AZ, US. ATT seemed to be their upstream
provider. Yes, Sendmail's been quite busy today. ;-)


-- 
jayjwa
Atr2




