[Dshield] Big Jump in Open Relay Mailers

Bjorn Stromberg bjorn at thechemistrylab.com
Mon Feb 2 17:54:23 GMT 2004


MyDoom isn't just about DDoS'ing SCO; its main purpose is to backdoor PCs
so that the spammers can use them as open relays. Unless you are seeing real
mail servers as relays and not just dynamic IPs, I would assume that all
your new traffic is coming from MyDoom-infected machines. The spammers may
even try to clean up the MyDoom infection after they have installed a rootkit.

Bjorn Stromberg

----- Original Message ----- 
From: "Jon R. Kibler" <Jon.Kibler at aset.com>
To: <list at dshield.org>
Sent: Monday, February 02, 2004 8:16 AM
Subject: [Dshield] Big Jump in Open Relay Mailers


> Hello all,
>
> Well, it appears that open relays are once again suddenly a problem. For
> about the last year, we have been detecting 2 or 3 different open relays per
> hour as spam sources, and we have been finding about 1 or 2 new, previously
> unreported, open relays per day. (We find the majority of spam originates
> from open proxy servers, or from password compromised mail servers.)



