[Dshield] Big Jump in Open Relay Mailers

Pete Cap peteoutside at yahoo.com
Mon Feb 2 20:11:36 GMT 2004

I believe that this is highly likely but that it may be premature to assume that all the new traffic is from MyDoom-created relays.
In any case, some investigation is definitely in order!

Bjorn Stromberg <bjorn at thechemistrylab.com> wrote:
MyDoom isn't just about DDoS'ing SCO, its main purpose is to backdoor PCs
so that the spammers can use them as open relays. Unless you are seeing real
mail-servers as relays and not just dynamic IPs I would assume that all
your new traffic is coming from MyDoom infected machines. The spammers may
even try to clean up the MyDoom infection after they installed a rootkit.

Bjorn Stromberg

----- Original Message ----- 
From: "Jon R. Kibler" 

Sent: Monday, February 02, 2004 8:16 AM
Subject: [Dshield] Big Jump in Open Relay Mailers

> Hello all,
> Well, it appears that open relays are once again suddenly a problem. For
> about the last year, we have been detecting 2 or 3 different open relays per
> hour as spam sources, and we have been finding about 1 or 2 new, previously
> unreported, open relays per day. (We find the majority of spam originates
> from open proxy servers, or from password compromised mail servers.)
