North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wired mag article on spammers playing traceroute games with trojanedboxes

  • From: Suresh Ramasubramanian
  • Date: Thu Oct 09 12:24:04 2003

Chris Boyd writes on 10/9/2003 9:21 PM:

A few minutes later, or from a different nameserver, I get

Name: vano-soft.biz
Addresses: 131.220.108.232, 165.166.182.168, 193.165.6.97, 12.229.122.9
12.252.185.129

This is a real Hydra. If everyone on the list looked up vano-soft.biz and removed the trojaned boxes, would we be able to kill it?
Nope - the guy would get more trojaned boxes, no shortage of unpatched windows machines on broadband.

There are two ways to go here -

* Nullroute or bogus out in your resolvers the DNS servers for this domain --> two problems here. One is that the spammer doesn't use vano-soft.biz in the smtp envelope, and second, he abuses open redirectors like yahoo's srd.yahoo.com

* "Follow the money" - find out the spammer / the guy who he spams for, from payment information etc. Sic law enforcement on them.

srs

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations