Wired mag article on spammers playing traceroute games with trojaned boxes
Chris Boyd
cboyd at gizmopartners.com
Thu Oct 9 15:51:08 UTC 2003
On Thursday, October 9, 2003, at 10:04 AM, Suresh Ramasubramanian
wrote:
>
> http://www.wired.com/news/business/0,1367,60747,00.html
>
> --
> srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
> manager, outblaze.com security and antispam operations
>
>
>
I found one of these today, as a matter of fact. The spam was
advertising an anti-spam package, of course.
The domain name is vano-soft.biz, and looking up the address, I get
Name: vano-soft.biz
Addresses: 12.252.185.129, 131.220.108.232, 165.166.182.168,
193.165.6.97
12.229.122.9
A few minutes later, or from a different nameserver, I get
Name: vano-soft.biz
Addresses: 131.220.108.232, 165.166.182.168, 193.165.6.97, 12.229.122.9
12.252.185.129
This is a real Hydra. If everyone on the list looked up vano-soft.biz
and removed the trojaned boxes, would we be able to kill it?
--Chris
More information about the NANOG
mailing list