North American Network Operators Group

Re: sober.z to hit tomorrow
Here is some more interesting information. I'm not positive this is Sober.Z related but it's walking like and talking like a duck.

First I see the below DNS requests, shortly after I see many SMTP packets hitting Hotmail, AOL, Yahoo.com, Yahoo.co.uk, Prodigy, etc.... Looks like it's... Sending SPAM?!?!

This I didn't expect at all, here is a trace from one of the known infected users:

########################################################
220 mta272.mail.mud.yahoo.com ESMTP YSmtp service ready
HELO mx1.mail.yahoo.com
250 mta272.mail.mud.yahoo.com
MAIL FROM: <[email protected]>
250 sender <[email protected]> ok
RCPT TO: <[email protected]>
250 recipient <[email protected]> ok
data
354 go ahead
From: "oesh" <[email protected]>
To: [email protected]
Content-type: text/html
Subject: You are tempter-lover, for sure!

Soft Cialis. Order <acy></acy>all your prescription medication online<BR>
Have a holiday in your <acm></acm>life with Viagra Pro<BR>
<A href="http://ikbghlmj.milliontime.info/?acdefjxwnsoyikzcvbghlm">http://achibejkf.victoriaroadmaps.info/?dglmfxwnsoyachizcvbejk</A><BR>
Your <acj></acj>wife <acl></acl>will be charmed by your stamina and enduranceGenerik Viagra.<BR>
Your wife will be amazed by you. Generik Viagra.<BR>
Cheapest Viagra <acx></acx>Pro online<BR>
.
250 ok dirdel
quit
221 mta272.mail.mud.yahoo.com
########################################################

Wil Schultz wrote:

FYI: I've set some traps on our DNS servers, dunno exactly what this means but I thought that I should share:
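A detection check for two things visible in the trace above, added here as an example and not part of the original post: the client's HELO names a host in the receiving server's own domain, and the HTML link displays one URL while its href points at another host. The function names, the sample session, and its `.example` addresses and link hosts are constructed; only the Yahoo banner and HELO hostnames come from the trace.

```python
import re

# Constructed session modelled on the trace above; addresses and link hosts are placeholders.
SAMPLE = """220 mta272.mail.mud.yahoo.com ESMTP YSmtp service ready
HELO mx1.mail.yahoo.com
250 mta272.mail.mud.yahoo.com
MAIL FROM: <sender@example.net>
250 sender <sender@example.net> ok
RCPT TO: <rcpt@example.org>
250 recipient <rcpt@example.org> ok
data
354 go ahead
Content-type: text/html
Subject: constructed sample

<A href="http://a.one.example/?x">http://b.two.example/?y</A><BR>
.
250 ok dirdel
quit
221 mta272.mail.mud.yahoo.com
"""

def base_domain(host, labels=2):
    """Last `labels` labels of a hostname (naive: ignores suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-labels:])

def analyze_session(text):
    """Return indicator strings found in one captured SMTP client/server transcript."""
    findings = []
    banner = re.search(r"^220[ -](\S+)", text, re.M)
    helo = re.search(r"^(?:HELO|EHLO)\s+(\S+)", text, re.M | re.I)
    # A client that introduces itself as a host in the server's own domain is lying.
    if banner and helo and base_domain(banner.group(1)) == base_domain(helo.group(1)):
        findings.append("helo-claims-server-domain:" + helo.group(1))
    # Anchor whose visible text is a URL on a different host than its href.
    link = r'<a\s+href="https?://([^/"]+)[^"]*">\s*https?://([^/<\s]+)'
    for href_host, shown_host in re.findall(link, text, re.I):
        if href_host.lower() != shown_host.lower():
            findings.append(f"link-mismatch:{href_host}->{shown_host}")
    return findings

if __name__ == "__main__":
    for finding in analyze_session(SAMPLE):
        print(finding)
```

Run against reassembled port 25 streams from internal hosts, a hit on the HELO check from a workstation that is not a mail relay is a strong sign of a spam bot delivering direct to MX.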