North American Network Operators Group


Re: [Fwd: Re: sober.z to hit tomorrow]

  • From: Wil Schultz
  • Date: Fri Jan 06 11:04:38 2006


And here I was expecting a .ZIP file from the FBI and CIA telling me that I need to fill out a "survey" :)

-Wil

Martin Hannigan wrote:

Here is some more interesting information. I'm not positive this is Sober.Z related but it's walking like and talking like a duck.

First I see the below DNS requests; shortly after, I see many SMTP packets hitting Hotmail, AOL, Yahoo.com, Yahoo.co.uk, Prodigy, etc.... Looks like it's... Sending SPAM?!?!

No! Not that!


This I didn't expect at all, here is a trace from one of the known infected users:


This is how these folks make money.