North American Network Operators Group

[Fwd: Re: sober.z to hit tomorrow]
Here is some more interesting information. I'm not positive this is Sober.Z related but it's walking like and talking like a duck.

First I see the below DNS requests, shortly after I see many SMTP packets hitting Hotmail, AOL, Yahoo.com, Yahoo.co.uk, Prodigy, etc.... Looks like it's... Sending SPAM?!?!

This I didn't expect at all, here is a trace from one of the known infected users:

###############################################################
<snip, due to the postmaster's request since it looks like SPAM>
###############################################################

Wil Schultz wrote:

FYI: I've set some traps on our DNS servers, dunno exactly what this means but I thought that I should share: