[Dshield] Big Jump in Open Relay Mailers

Jon R. Kibler Jon.Kibler at aset.com
Mon Feb 2 18:16:44 GMT 2004

Bjorn Stromberg wrote:
> MyDoom isn't just about DDoS'ing SCO, it's main purpose is to backdoor PCs
> so that the spammers can use them as open relays. Unless you are seeing real
> mail-servers as relays and not just dynamic IP's I would assume that all
> your new traffic is coming from MyDoom infected machines. The spammers may
> even try to clean up the mydoom infection after they installed a rootkit.
> Bjorn Stromberg

No, these are REAL open relays... not open proxies. These are the organization's 
real, legitimate MTAs running as an open relay. We have seen Microsoft, Novell, 
Eudora, IMail, VopMail, and a half-dozen other vendor's MTAs running as open relays. 
Also, when submitted to ORDB, they test open, and many are first detected using

Bottom line... real mail servers are becoming 'corrupt' for some reason.
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

More information about the list mailing list