[Dshield] "Your IP was logged" Spam/Virus

Mark markt442 at yahoo.com
Wed Nov 23 01:07:09 GMT 2005

Yup, rec'd 15 from one IP address (BellSouth) over
nearly a 12 hour period.

I have recorded the following table (all transmissions
on 11/22/05):

Time      Topic                          Src IP    Spoofed Address
11:16:28  Your IP was logged                       Admin at fbi.gov
10:14:13  Registration Confirmation                webmaster at alamance.cc.nc.us
9:34:20   Mail delivery failed                     postmaster at domail.maricopa.edu
8:52:42   Your Password                            postman at cbts.cinbell.com
5:40:56   Your IP was logged                       Office at cia.gov
5:37:54   Your IP was logged                       Post at fbi.gov
5:14:48   Registration Confirmation                hostmaster at unisys.com
4:08:26   Paris_Hilton_&_Nicole_Richie             info at lowes.com
3:37:53   Paris_Hilton_&_Nicole_Richie             Admin at zonelabs.com
3:22:25   Your IP was logged                       Mail at fbi.gov
2:39:21   Mail delivery failed                     office at roanoke.cc.nc.us
2:25:30   Your IP was logged                       Admin at cia.gov
1:55:07   hi, ive a new mail address               BRANDON at ad.funnel.revenuedirect.com.akadns.net
0:20:40   Your Password                            office at thawte.com
0:19:08   Registration Confirmation                postman at carteret.edu

Interesting to see how the single site rolled thru
messages and spoofed addresses. Of course the IP may
have been spoofed (Bellsouth), but it is a "live" IP
and doesn't appear to respond to scans of a few common
ports - suggesting either a closed system (it does
respond to a ping).

BTW - Port scans are still legal AFAIK - but I have no
intention of making a connection.


From:	"Scott Fendley" <scottf at uark.edu>
Subject:	Re: [Dshield] "Your IP was logged" Spam/Virus
Date:	Mon, 21 Nov 2005 17:24:47 -0600

Yup.  This appears to be a new Sober variation. (sober.Y) going
around today.  What a busy day it has been.

At 03:05 PM 11/21/2005, Wayne Beckham wrote:
>Is anyone else seeing a recurrence of these spoofed purporting to
>be from the FBI, CIA, etc?  I've had a couple of users report them in
>last two hours.
>Probably nothing, but I just wondered if anyone else was seeing
>- Wayne
