Re: [Fwd: Re: sober.z to hit tomorrow]

[Wil Schultz <wschultz () wilcomm net>]

And here i was expecting .ZIP file from the FBI and CIA telling me that 
I need to full out a "survey" :)

-Wil

Martin Hannigan wrote:

> > Here is some more interesting information. I'm not positive this is 
> > Sober.Z related but it's walking like and talking like a duck.
> >
> > First I see the below DNS requests, shortly after I see many SMTP 
> > packets hitting Hotmail, AOL, Yahoo.com, Yahoo.co.uk, Progegy, etc.... 
> > Looks like it's... Sending SPAM?!?!
> >    
>
> No! Not that!
>
>  
>
> > This I didn't expect at all, here is a trace from one of the known 
> > infected users:
> >    
>
>
> This is how these folks make money. 
>
>
>