Full Disclosure mailing list archives
Re: Anyone with experience w/VirtualMDA?
From: Thierry Zoller <Thierry () sniff-em com>
Date: Wed, 30 Mar 2005 21:42:15 +0200
Dear JP Garcia,

JG> All
JG> VirtualMDA seems to do is initiate a telnet session and immediately
JG> quit. I figure that VirtualMDA does this periodically to log and allow
JG> people's dynamic IPs to connect to their servers.

I can confirm it DOES send spam at a rate which was far beyond my
expectations; at times the machine had 30 threads running, connecting
to MTA servers around the world delivering "Free L0ans" type of emails.

I can confirm:
- It delivers SPAM/UCE/UE.
- It reports to a master server and receives commands and emails.

Generic IDS fingerprints could be created by using the "from email"
field, but I haven't moved any further; I just uninstalled and moved
along.

--
Thierry Zoller
http://www.sniff-em.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/