[Dshield] Rise in UCE
lists at webcrunchers.com
Tue Jan 6 03:15:04 GMT 2004
On Jan 3, 2004, at 8:35 PM, Michael Leone wrote:
> Has anyone else seen a major rise in spam (UCE) in the past few days?
> Even that this looks like a spike to an original incline of spam in
> the last few months.
Yeah - this crap is getting out of hand. How can we pressure the ISPs
to crack down on people stupid enough to open attachments? I don't know
if anyone noticed, but in the past week, a new virus was released in the
wild, so be expecting more and more infected hosts that have to be shut
down.
I've refined my spam reporting system to combine spam reports destined
to a single ISP into many IPs, so I can send 10 times more reports and
use only 10% of net bandwidth. Now the ISPs get a daily dose of a big
list of infected hosts they need to shut down. So rather than send 150
individual spam reports to 'abuse at comcast.net', I just send them a
list of 150 IP addresses that host infected trojans in just
> A lot of these messages also contain W32.Klez - Is this some sort of
> attack? Or just general misbehavior from the peanut gallery? Most
> contain pornography site messages which get quite disgusting,
> including very nasty images as well.
Have you ever examined the URLs for these nasty smut engines? Have
you ever noticed it having something like
or something like that? This means this smut engine is someone's
infected computer who happens to leave it turned on, with their DSL or
cable modem. Most cable modem providers don't allow web site hosting,
so they use non-standard port numbers to slip beneath their radar.
These are nothing more than people's PCs running Wingate. Spam and
porn hosting. How can we stop it?
Good question. I have some suggestions, but ISPs and privacy
advocates would shoot me for even considering this.
Write into the AUP that in order for people to connect to the internet,
they HAVE to have their computer scanned for viruses and patched.
Filter ALL incoming attachments (most are already doing this), and of
course if anyone's computer IS exploited, to disconnect them
immediately before any more damage can be done. Of course, this is
very BAD medicine.
In the meantime, report your spam... the more that gets reported, the
faster they can be shut down.
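
The per-ISP batching described in the message above, sketched as an added example (it is not the poster's reporting system). The network-to-contact table, the host name mx.example.org and the sample messages are constructed assumptions; a real system would resolve abuse contacts through whois/RDAP.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from email import message_from_string

# Constructed network-to-contact table (assumption, stands in for whois/RDAP).
ABUSE_CONTACTS = {
    ipaddress.ip_network("192.0.2.0/24"): "abuse@isp-a.example",
    ipaddress.ip_network("198.51.100.0/24"): "abuse@isp-b.example",
}
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def source_ip(raw):
    """Connecting IP from the topmost Received header (added by our own MTA).
    Lower Received headers are sender-controlled and can be forged."""
    received = message_from_string(raw).get_all("Received") or []
    match = BRACKET_IP.search(received[0]) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:  # e.g. "[999.1.1.1]"
        return None

def abuse_contact(ip):
    return next((c for net, c in ABUSE_CONTACTS.items() if ip in net), None)

def build_digests(raw_messages):
    """Return {abuse contact: Counter({source ip: message count})}."""
    digests = defaultdict(Counter)
    for raw in raw_messages:
        ip = source_ip(raw)
        contact = abuse_contact(ip) if ip else None
        if contact:  # unmapped or unparseable sources are skipped
            digests[contact][str(ip)] += 1
    return dict(digests)

def render_report(contact, hosts):
    head = [f"To: {contact}", f"Subject: Daily spam source list ({len(hosts)} hosts)", ""]
    rows = [f"{ip}  messages={hosts[ip]}" for ip in sorted(hosts, key=ipaddress.ip_address)]
    return "\n".join(head + rows)

def sample_msg(top_ip, lower_ip="203.0.113.9"):
    """Constructed spam sample; lower_ip stands in for a forged header."""
    return (f"Received: from x (unknown [{top_ip}]) by mx.example.org; Mon, 5 Jan 2004 10:00:00 +0000\n"
            f"Received: from y ([{lower_ip}]) by x; Mon, 5 Jan 2004 09:59:00 +0000\n"
            "Subject: constructed sample\n\nbody\n")

SAMPLES = [sample_msg(ip) for ip in ("192.0.2.15", "192.0.2.15", "192.0.2.200", "198.51.100.7", "999.1.1.1")]
for contact, hosts in build_digests(SAMPLES).items():
    print(render_report(contact, hosts), end="\n\n")
```

Five sample messages collapse into two reports, one per abuse contact, with each host listed once alongside its message count.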