[unisog] massive uptick in targeted spam this weekend and week

Steve VanDevender stevev at darkwing.uoregon.edu
Tue Oct 15 20:44:25 GMT 2002


H. Morrow Long writes:
 > We saw a massive uptick in targeted spam this weekend and week with the
 > following characteristics and wondered if anyone else had or was seeing
 > same:
 > 
 > 1.	Sources.  Many of the DNS hostnames used in the headers (e.g. From: lines)
 > 	and some of the spam is coming directly from optingnow.com hosts :
 > 
 > 	ns1.optingnow.com (aka exclusive.optingnow.com), IP # 65.198.164.4
 > 
 > 	We are also seeing a lot of spam emanating from a lot of different sources
 > 	all over the Internet but apparently also from above direct email company.

This stuff basically looks to me like a typical pattern of header
forgeries common to a lot of spamware (to a great extent, everything
that can be forged is forged).  The nice thing, though, is that all the
stuff is showing up with sender addresses in the optingnow.com domain,
making it quite easy to block.  I got my first report of this spam last
week so fortunately I've seen a lot of rejections since then rather than
a lot of spams.

This does underline just how bad the open HTTP proxy problem is right
now, and that it's likely to get worse.  Open proxies are also much more
than a spam problem, as they generally allow effectively anonymous
connections to any TCP service.
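
Added example, not part of the original message: a minimal Python sketch of the sender-domain block the reply describes, applied to the SMTP envelope sender at MAIL FROM time. The function names, reply texts and sample lines are assumptions constructed for illustration; only optingnow.com and exclusive.optingnow.com come from the thread.

```python
import re

# Assumption: the block list holds the one domain named in the thread.
BLOCKED_SENDER_DOMAINS = {"optingnow.com"}

# SMTP MAIL FROM command; ESMTP parameters after the path are ignored.
_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

def sender_domain(mail_from_line):
    """Return the lower-cased domain of the envelope sender, or None for
    the null sender (<>) and for lines that are not a valid MAIL FROM."""
    m = _MAIL_FROM.match(mail_from_line.strip())
    if not m:
        return None
    path = m.group(1)
    # Drop an obsolete source route: <@relay.example:user@domain>
    if path.startswith("@") and ":" in path:
        path = path.split(":", 1)[1]
    if "@" not in path:
        return None
    domain = path.rsplit("@", 1)[1].rstrip(".").lower()
    return domain or None

def is_blocked(domain, blocked=BLOCKED_SENDER_DOMAINS):
    """Match the domain itself or any subdomain, on label boundaries only,
    so 'notoptingnow.com' is not caught by a plain suffix test."""
    if domain is None:
        return False
    labels = domain.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def smtp_reply(mail_from_line):
    """Return the SMTP reply a server would give to this MAIL FROM."""
    if is_blocked(sender_domain(mail_from_line)):
        return "550 5.7.1 Sender domain rejected"
    return "250 2.1.0 Sender ok"

# Constructed sample input (not taken from real logs).
SAMPLES = [
    "MAIL FROM:<offers@optingnow.com>",
    "MAIL FROM:<news@exclusive.OptingNow.com> SIZE=4096",
    "MAIL FROM:<user@notoptingnow.com>",
    "MAIL FROM:<>",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(smtp_reply(line), "<-", line)
```

The null sender is accepted so that bounces still get through, and the check looks only at the envelope sender, not at the forgeable From: header.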


