On Sun, 13 Jan 2002, Dmitri Smirnov wrote:

> just found "Matt Wright FormMail Attacks" as number 5 in 'Top Five' on
> aris.securityfocus.com.
> I've sent dozens of alerts to ISPs about formmail.pl incidents but still
> having the probes from the same subnets (addresses) for a few months already.
> Looks like people are not serious about this probe. Does anybody know why
> the number of formmail.pl attacks is growing? Maybe it is a part of a SPAM
> toolkit or some very popular tool?

Open formmail scripts are commonly being used now by spammers as an
alternative form of open relays. There seems to be commercial spamware
that searches for and tests formmail scripts.

Some of the anti-spam email blacklists block IPs with open formmails. It
wouldn't surprise me terribly if any of them started scanning for open
formmails for the purpose of preemptively blocking them.

--
----------------------------------------------------------------------
 Jon Lewis *jlewisat_private*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
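The recurring probes discussed in this thread can be tallied from a web server's access log. The following is an added example, not part of either post: it groups formmail requests by source /24, records how long each subnet has been probing, and flags any request that got a 2xx response. The Apache common log format, the sample lines, and the script file names other than formmail.pl are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.17 - - [02/Nov/2001:04:11:09 -0800] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 278
192.0.2.44 - - [19/Dec/2001:23:50:31 -0800] "POST /cgi-bin/FormMail.pl HTTP/1.0" 404 278
192.0.2.44 - - [12/Jan/2002:01:02:03 -0800] "GET /cgi-bin/formmail.cgi?x=1 HTTP/1.0" 200 512
198.51.100.9 - - [12/Jan/2002:08:15:00 -0800] "GET /index.html HTTP/1.0" 200 4096
203.0.113.5 - - [13/Jan/2002:10:00:00 -0800] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 278
malformed line that the parser must skip
"""

# Apache common log format: client, identd, user, [time], "request", status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumption: probes ask for these file names (only formmail.pl is named in the thread).
PROBE_RE = re.compile(r'/formmail(?:\.(?:pl|cgi))?$', re.IGNORECASE)

def summarize_probes(log_text):
    """Group formmail requests by source /24 and return {subnet: summary}."""
    subnets = defaultdict(lambda: {"hits": 0, "first": None, "last": None, "found": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if not PROBE_RE.search(path):
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        net = str(ip_network(m.group("ip") + "/24", strict=False))
        s = subnets[net]
        s["hits"] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
        # A 2xx status means a script answered at that path and should be audited.
        s["found"] = s["found"] or m.group("status").startswith("2")
    return dict(subnets)

if __name__ == "__main__":
    for net, s in sorted(summarize_probes(SAMPLE_LOG).items()):
        span = (s["last"] - s["first"]).days
        flag = "SCRIPT ANSWERED, audit it" if s["found"] else "not found"
        print(f"{net:18} hits={s['hits']} span_days={span} {flag}")
```
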
This archive was generated by hypermail 2b30 : Mon Jan 14 2002 - 11:56:15 PST