[Dshield] "Your IP was logged" Spam/Virus
markt442 at yahoo.com
Wed Nov 23 01:07:09 GMT 2005
Yup, rec'd 15 from one IP address (BellSouth) over
nearly a 12 hour period.
I have recorded the following table (all transmissions
Time Topic Src IP Spoofed Address
11:16:28 Your IP was logged 188.8.131.52 Admin at fbi.gov
10:14:13 Registration Confirmation 184.108.40.206
webmaster at alamance.cc.nc.us
9:34:20 Mail delivery failed 220.127.116.11
postmaster at domail.maricopa.edu
8:52:42 Your Password 18.104.22.168
postman at cbts.cinbell.com
5:40:56 Your IP was logged 22.214.171.124
Office at cia.gov
5:37:54 Your IP was logged 126.96.36.199 Post at fbi.gov
5:14:48 Registration Confirmation 188.8.131.52
hostmaster at unisys.com
4:08:26 Paris_Hilton_&_Nicole_Richie 184.108.40.206
info at lowes.com
3:37:53 Paris_Hilton_&_Nicole_Richie 220.127.116.11
Admin at zonelabs.com
3:22:25 Your IP was logged 18.104.22.168 Mail at fbi.gov
2:39:21 Mail delivery failed 22.214.171.124
office at roanoke.cc.nc.us
2:25:30 Your IP was logged 126.96.36.199 Admin at cia.gov
1:55:07 hi, ive a new mail address 188.8.131.52
BRANDON at ad.funnel.revenuedirect.com.akadns.net
0:20:40 Your Password 184.108.40.206 office at thawte.com
0:19:08 Registration Confirmation 220.127.116.11
postman at carteret.edu
Interesting to see how the single site rolled thru
messages and spoofed addresses. Of course the IP may
have been spoofed (Bellsouth), but it is a "live" IP
and doesn't appear to respond to scans of a few common
ports - suggesting either a closed system (it does
respond to a ping).
BTW - Port scans are still legal AFAIK - but I have no
intention of making a connection.
From: "Scott Fendley" <scottf at uark.edu>
Subject: Re: [Dshield] "Your IP was logged" Spam/Virus
Date: Mon, 21 Nov 2005 17:24:47 -0600
Yup. This appears to be a new Sober variation.
around today. What a busy day it has been.
At 03:05 PM 11/21/2005, Wayne Beckham wrote:
>Is anyone else seeing a recurrence of these spoofed
>be from the FBI, CIA, etc? I've had a couple of
users report them in
>last two hours.
>Probably nothing, but I just wondered if anyone else
Yahoo! FareChase: Search multiple travel sites in one click.
More information about the list