[Dshield] Extreme increase in spam attempts... any one else seeing similar event?

Jim McCullough jim.mccullough at gmail.com
Thu Aug 23 18:43:07 GMT 2007


uh yeeeeep
Don't forget to fire up the clunker.  It seems a clunker from 1972 has
a better chance of survival during the first few weeks of college
returning to session.   USC-Columbia started back today.   The theory
of the change of IPs for trojaned machines could make a good research
project.

On 8/23/07, Tomas L. Byrnes <tomb at byrneit.net> wrote:
> Aren't the universities in the middle of returning?
>
> Could the "September effect" be at work, and maybe changing, as all
> those machines trojaned through MySpace and other SN sites are
> transported to their new, better peered, homes?
>
>
>
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org
> > [mailto:list-bounces at lists.dshield.org] On Behalf Of Ulf Bahrenfuss
> > Sent: Thursday, August 23, 2007 12:36 AM
> > To: General DShield Discussion List
> > Subject: Re: [Dshield] Extreme increase in spam attempts...
> > any one else seeing similar event?
> >
> > Hi Chris!
> >
> > I concur that something is brewing out there.
> >
> > The last two weeks we had a drastic decrease in attempted
> > spamming. We went to an all time low of 25 spams per minute
> > in a 24h average with almost no peaks. But that seemed like
> > the receding of the water when the tsunami comes.
> > Since Monday (20th of August) we see an increase. The inspam
> > is now at above 70 per minute for the last 24 hours (normal
> > load) and we are at about 400 per minute for the last 6 hours
> > and we are awaiting more. The load is not evenly distributed.
> > The attempts come in short hard bursts.
> >
> > As our preemptive filters at the front are to be fast, we do
> > not distinguish between spam and Trojan virus attempts, but
> > all seems to point to another rise of the bot armies trying
> > to infect new systems.
> >
> > And in another note: Signal to Noise ratio dropped through
> > the floor. We are now trying to get to above 1% Signal :D
> >
> > All hands brace for impact ;-)
> >
> > Ulf
> >
> > _________________________________________
> > SANSFIRE 2007 July 25-August 2 in Washington, DC.  56
> > courses, SANS top instructors, and a great tools and
> > solutions expo. Register today!
> > http://www.sans.org/info/4651 (brochure code ISC)
> >
>


-- 
Jim McCullough

"Just because the standard provides a cliff in front of you, you are
not necessarily required to jump off it."

    Norman Diamond
