Full Disclosure mailing list archives

Re: Anyone with experience w/VirtualMDA?


From: Thierry Zoller <Thierry () sniff-em com>
Date: Wed, 30 Mar 2005 21:42:15 +0200

Dear JP Garcia,

JG> All VirtualMDA seems to do is initiate a telnet session and
JG> immediately quit.  I figure that VirtualMDA does this periodically
JG> to log and allow people's dynamic IPs to connect to their servers.

I can confirm it DOES send spam at a rate which was far beyond my
expectations; at times the machine had 30 threads running, connecting
to MTA servers around the world, delivering "Free L0ans" type of emails.

I can confirm:
- It delivers SPAM/UCE/UE.
- It reports to a master server and receives commands and emails.

Generic IDS fingerprints could be created by using the "from email"
field, but I haven't moved any further; I just uninstalled and moved
along.

-- 
Thierry Zoller
http://www.sniff-em.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
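
The fan-out reported above (many simultaneous connections to mail servers from a machine that is not a mail server) can be flagged from flow logs without the "from email" value, which the post does not give. The following is an added example, not part of the original post; the flow-record layout, addresses, window and threshold are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
# All addresses are documentation ranges; none come from the original post.
SAMPLE_FLOWS = (
    # workstation opening SMTP sessions to 30 different servers in 30 seconds
    [(1000 + i, "192.0.2.10", f"198.51.100.{i + 1}", 25) for i in range(30)]
    # host that relays everything through a single smarthost
    + [(1000 + 20 * i, "192.0.2.25", "203.0.113.5", 25) for i in range(10)]
    # non-SMTP traffic, ignored by the detector
    + [(1005, "192.0.2.10", "203.0.113.80", 80)]
)


def smtp_fanout(flows, window=60, threshold=20, allowed_senders=frozenset()):
    """Return {src_ip: peak count of distinct port-25 destinations contacted
    within any `window` seconds} for sources whose peak reaches `threshold`.
    Sources in `allowed_senders` (sanctioned mail servers) are skipped."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    peak = defaultdict(int)      # src -> highest distinct-destination count seen
    for ts, src, dst, port in sorted(flows):
        if port != 25 or src in allowed_senders:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop connections that have aged out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in smtp_fanout(SAMPLE_FLOWS).items():
        print(f"{src}: {n} distinct SMTP destinations within 60s")
```

Counting distinct destinations rather than raw connections keeps a host that talks repeatedly to one smarthost below the threshold.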

