Full Disclosure mailing list archives

Re: About spamb strange characters


From: Joe Stewart <jstewart () lurhq com>
Date: Tue, 13 May 2003 10:03:15 -0400

On Tuesday 13 May 2003 09:20 am, Eric LeBlanc wrote:

> Each time, I receive 2 spams in 10 seconds (sometimes 3 spams).  If I check
> the header, it's ALWAYS from 2 different hosts.  For example, one from USA
> and Chinese...
>
> Now, my question: do they use relay-bot spams? (think DDoS with zombies
> (trojans), but for spammers..)

That's exactly what they are doing. I wrote a paper on one of the methods they
use, which is proxy servers installed by the Sobig.a virus (which is still in
active circulation). See: http://www.lurhq.com/sobig.html

-Joe

-- 
Joe Stewart, GCIH 
Senior Intrusion Analyst
LURHQ Corporation
http://www.lurhq.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

