[Dshield] Big Jump in Open Relay Mailers

Pete Cap peteoutside at yahoo.com
Mon Feb 2 20:11:36 GMT 2004


I believe that this is highly likely but that it may be premature to assume that all the new traffic is from MyDoom-created relays.
 
In any case, some investigation is definitely in order!
 
Regards,
Pete

Bjorn Stromberg <bjorn at thechemistrylab.com> wrote:
MyDoom isn't just about DDoS'ing SCO, its main purpose is to backdoor PCs
so that the spammers can use them as open relays. Unless you are seeing real
mail-servers as relays and not just dynamic IPs I would assume that all
your new traffic is coming from MyDoom infected machines. The spammers may
even try to clean up the MyDoom infection after they installed a rootkit.

Bjorn Stromberg

----- Original Message ----- 
From: "Jon R. Kibler" 
To: 

Sent: Monday, February 02, 2004 8:16 AM
Subject: [Dshield] Big Jump in Open Relay Mailers


> Hello all,
>
> Well, it appears that open relays are once again suddenly a problem. For
> about the last year, we have been detecting 2 or 3 different open relays per
> hour as spam sources, and we have been finding about 1 or 2 new, previously
> unreported, open relays per day. (We find the majority of spam originates
> from open proxy servers, or from password compromised mail servers.)
