[Dshield] Extreme increase in spam attempts... any one elseseeing similar event?

Shawn Nunley, CISSP nunley at gmail.com
Thu Aug 23 18:36:26 GMT 2007


I think that is a very plausible explanation for some of the increase.

Shawn Nunley, CISSP
A10 Networks

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Tomas L. Byrnes
Sent: Thursday, August 23, 2007 10:21 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Extreme increase in spam attempts... any one
elseseeing similar event?

Aren't' the universities in the middle of returning?

Could the "September effect" be at work, and maybe changing, as all
those machines trojaned through MySpace and other SN sites are
transported to their new, better peered, homes?

 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Ulf Bahrenfuss
> Sent: Thursday, August 23, 2007 12:36 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Extreme increase in spam attempts... 
> any one elseseeing similar event?
> 
> Hi Chris!
> 
> I concur that something is brewing out there.
> 
> The last two weeks we had a drastic decrease in attempted 
> spamming. We went to an all time low of 25 spams per Minute 
> in a 24h average with almost no peaks. But that seemed like 
> the receeding of the water when the tsunami comes.
> Since Monday (20th of August) we see an increase. The inspam 
> is now at above 70 per minute for the last 24 hours (normal 
> load) and we are at about 400 per minute for the last 6 hours 
> and we are awaiting more. The load is not evenly distributed. 
> The attempts come in short hard bursts.
> 
> As our preemptive filters at the front are to be fast, we do 
> not distinguish between spam and Trojan virus attempts, but 
> all seems to point to another rise of the bot armies trying 
> to infect new systems.
> 
> And in another note: Signal to Noice ratio dropped through 
> the floor. We are now trying to get to above 1% Signal :D
> 
> All hands brace for impact ;-)
> 
> Ulf
> 
> --------------------------------------------------------------
> ----------
> Der Inhalt dieser E-Mail ist nur dann rechtsverbindlich, wenn 
> er von unserer Seite schriftlich bestatigt wird. Diese E-Mail 
> enthalt vertrauliche Informationen. Wenn Sie wissen oder 
> erkennen konnen, dass Sie diese vertraulichen Informationen 
> nicht erhalten sollten, informieren Sie uns bitte und loschen 
> Sie diese E-Mail von Ihrem System. Eine Weiterverwendung oder 
> Verbreitung dieser vertraulichen Informationen ist nicht gestattet.
> 
> The content of this e-mail may only be deemed to be legally 
> binding if it is confirmed by us in writing. This e-mail 
> contains confidential information. If you know or if you can 
> perceive that you are not intended to receive this 
> confidential information please inform us and delete this 
> e-mail from your system. It is not allowed to use or 
> distribute the confidential information.
> 
> --------------------------------------------------------------
> ----------
> TALKLINE GmbH & Co. KG mit Sitz in Elmshorn, AG Pinneberg HRA 
> 1390, Ust.-ID-Nr. DE 214 084 145, Steuernr. 13/280/01306; 
> personlich haftende Gesellschafterin: TALKLINE Verwaltungs 
> GmbH mit Sitz in Elmshorn, AG Pinneberg HRB 2039; 
> Geschaftsfuhrung: Christian Winther, Vorsitzender und CEO, 
> Mogens Soegaard Hansen, CFO; Vorsitzender des Aufsichtsrats: 
> Axel Ruckert
> 
> SEE YOU www.talkline.de
> 
> 
> _________________________________________
> SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 
> courses, SANS top instructors, and a great tools and 
> solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
> 

_________________________________________
SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 courses, SANS top
instructors, and a great tools and solutions expo. Register today!
http://www.sans.org/info/4651 (brochure code ISC)



More information about the list mailing list