[Dshield] Extreme increase in spam attempts... any one else seeing similar event?

Tom dshield at oitc.com
Thu Aug 23 19:23:02 GMT 2007


You'd think that with all the CS majors and equipment at universities 
that they could just monitor traffic and then neutralize the new 
offenders....

Tom

At 2:43 PM -0400 8/23/07, Jim McCullough wrote:
>uh yeeeeep
>Don't forget to fire up the clunker.  It seems a clunker from 1972 has
>a better chance of survival during the first few weeks of college
>returning to session.   USC-Columbia started back today.   The theory
>of the change of IPs for trojaned machines could make a good research
>project.
>
>On 8/23/07, Tomas L. Byrnes <tomb at byrneit.net> wrote:
>>  Aren't the universities in the middle of returning?
>>
>>  Could the "September effect" be at work, and maybe changing, as all
>>  those machines trojaned through MySpace and other SN sites are
>>  transported to their new, better peered, homes?
>>
>>
>>
>>  > -----Original Message-----
>>  > From: list-bounces at lists.dshield.org
>>  > [mailto:list-bounces at lists.dshield.org] On Behalf Of Ulf Bahrenfuss
>>  > Sent: Thursday, August 23, 2007 12:36 AM
>>  > To: General DShield Discussion List
>>  > Subject: Re: [Dshield] Extreme increase in spam attempts...
>>  > any one else seeing similar event?
>>  >
>>  > Hi Chris!
>>  >
>>  > I concur that something is brewing out there.
>>  >
>>  > The last two weeks we had a drastic decrease in attempted
>>  > spamming. We went to an all-time low of 25 spams per minute
>>  > in a 24h average with almost no peaks. But that seemed like
>>  > the receding of the water when the tsunami comes.
>>  > Since Monday (20th of August) we see an increase. The inspam
>>  > is now at above 70 per minute for the last 24 hours (normal
>>  > load) and we are at about 400 per minute for the last 6 hours
>>  > and we are awaiting more. The load is not evenly distributed.
>>  > The attempts come in short hard bursts.
>>  >
>>  > As our preemptive filters at the front are to be fast, we do
>>  > not distinguish between spam and Trojan virus attempts, but
>>  > all seems to point to another rise of the bot armies trying
>>  > to infect new systems.
>>  >
>>  > And on another note: Signal to Noise ratio dropped through
>>  > the floor. We are now trying to get to above 1% Signal :D
>>  >
>>  > All hands brace for impact ;-)
>>  >
>>  > Ulf
>>  >
>>  > ------------------------------------------------------------------------
>>  > The content of this e-mail may only be deemed to be legally
>>  > binding if it is confirmed by us in writing. This e-mail
>>  > contains confidential information. If you know or if you can
>>  > perceive that you are not intended to receive this
>>  > confidential information please inform us and delete this
>>  > e-mail from your system. It is not allowed to use or
>>  > distribute the confidential information.
>>  >
>>  > ------------------------------------------------------------------------
>>  > TALKLINE GmbH & Co. KG, registered office in Elmshorn, Pinneberg
>>  > District Court HRA 1390, VAT ID No. DE 214 084 145, tax no.
>>  > 13/280/01306; general partner: TALKLINE Verwaltungs GmbH,
>>  > registered office in Elmshorn, Pinneberg District Court HRB 2039;
>>  > management: Christian Winther, Chairman and CEO,
>>  > Mogens Soegaard Hansen, CFO; Chairman of the Supervisory Board:
>>  > Axel Ruckert
>>  >
>>  > SEE YOU www.talkline.de
>>  >
>>  >
>>  > _________________________________________
>>  > SANSFIRE 2007 July 25-August 2 in Washington, DC.  56
>>  > courses, SANS top instructors, and a great tools and
>>  > solutions expo. Register today!
>>  > http://www.sans.org/info/4651 (brochure code ISC)
>>  >
>>
>>
>
>
>--
>Jim McCullough
>
>"Just because the standard provides a cliff in front of you, you are
>not necessarily required to jump off it."
>
>     Norman Diamond


-- 

Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 
321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com
Google Talk: trshaw at gmail.com


