[Dshield] "Your IP was logged" Spam/Virus
markt442 at yahoo.com
Wed Nov 23 01:07:09 GMT 2005
Yup, rec'd 15 from one IP address (BellSouth) over
nearly a 12 hour period.
I have recorded the following table (all transmissions
Time Topic Src IP Spoofed Address
11:16:28 Your IP was logged 220.127.116.11 Admin at fbi.gov
10:14:13 Registration Confirmation 18.104.22.168
webmaster at alamance.cc.nc.us
9:34:20 Mail delivery failed 22.214.171.124
postmaster at domail.maricopa.edu
8:52:42 Your Password 126.96.36.199
postman at cbts.cinbell.com
5:40:56 Your IP was logged 188.8.131.52
Office at cia.gov
5:37:54 Your IP was logged 184.108.40.206 Post at fbi.gov
5:14:48 Registration Confirmation 220.127.116.11
hostmaster at unisys.com
4:08:26 Paris_Hilton_&_Nicole_Richie 18.104.22.168
info at lowes.com
3:37:53 Paris_Hilton_&_Nicole_Richie 22.214.171.124
Admin at zonelabs.com
3:22:25 Your IP was logged 126.96.36.199 Mail at fbi.gov
2:39:21 Mail delivery failed 188.8.131.52
office at roanoke.cc.nc.us
2:25:30 Your IP was logged 184.108.40.206 Admin at cia.gov
1:55:07 hi, ive a new mail address 220.127.116.11
BRANDON at ad.funnel.revenuedirect.com.akadns.net
0:20:40 Your Password 18.104.22.168 office at thawte.com
0:19:08 Registration Confirmation 22.214.171.124
postman at carteret.edu
Interesting to see how the single site rolled thru
messages and spoofed addresses. Of course the IP may
have been spoofed (Bellsouth), but it is a "live" IP
and doesn't appear to respond to scans of a few common
ports - suggesting either a closed system (it does
respond to a ping).
BTW - Port scans are still legal AFAIK - but I have no
intention of making a connection.
From: "Scott Fendley" <scottf at uark.edu>
Subject: Re: [Dshield] "Your IP was logged" Spam/Virus
Date: Mon, 21 Nov 2005 17:24:47 -0600
Yup. This appears to be a new Sober variation.
around today. What a busy day it has been.
At 03:05 PM 11/21/2005, Wayne Beckham wrote:
>Is anyone else seeing a recurrence of these spoofed
>be from the FBI, CIA, etc? I've had a couple of
users report them in
>last two hours.
>Probably nothing, but I just wondered if anyone else
Yahoo! FareChase: Search multiple travel sites in one click.
More information about the list