On Tuesday 13 May 2003 09:20 am, Eric LeBlanc wrote: > Each time, I receive 2 spam in 10 seconds (sometime 3 spam). If I check > the header, it's ALWAY from 2 different hosts. For example, one from usa > and chinese... > > Now, my question: they use a relay-bot spams ? (think DDoS with zombies > (trojans), but for spammers..) That's exactly what they are doing. I wrote a paper on one of the methods they use, which is proxy servers installed by the Sobig.a virus (which is still in active circulation). See: http://www.lurhq.com/sobig.html -Joe -- Joe Stewart, GCIH Senior Intrusion Analyst LURHQ Corporation http://www.lurhq.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Tue May 13 2003 - 08:04:18 PDT