Re: [Full-Disclosure] About spamb strange characters

From: Joe Stewart (jstewartat_private)
Date: Tue May 13 2003 - 07:03:15 PDT

Next message: Daniel Sedory: "Re: Windows XP Startup Disk"

Previous message: Eric LeBlanc: "Re: [Full-Disclosure] About spamb strange characters"
In reply to: Eric LeBlanc: "Re: [Full-Disclosure] About spamb strange characters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 13 May 2003 09:20 am, Eric LeBlanc wrote:

> Each time, I receive 2 spam in 10 seconds (sometime 3 spam).  If I check
> the header, it's ALWAY from 2 different hosts.  For example, one from usa
> and chinese...
>
> Now, my question: they use a relay-bot spams ? (think DDoS with zombies
> (trojans), but for spammers..)

That's exactly what they are doing. I wrote a paper on one of the methods they
use, which is proxy servers installed by the Sobig.a virus (which is still in
active circulation). See: http://www.lurhq.com/sobig.html

-Joe

-- 
Joe Stewart, GCIH 
Senior Intrusion Analyst
LURHQ Corporation
http://www.lurhq.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Daniel Sedory: "Re: Windows XP Startup Disk"
Previous message: Eric LeBlanc: "Re: [Full-Disclosure] About spamb strange characters"
In reply to: Eric LeBlanc: "Re: [Full-Disclosure] About spamb strange characters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 13 2003 - 08:04:18 PDT