Wired mag article on spammers playing traceroute games with trojaned boxes

• Previous message (by thread): Wired mag article on spammers playing traceroute games with trojaned boxes
• Next message (by thread): Wired mag article on spammers playing traceroute games with trojaned boxes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Chris Boyd writes on 10/9/2003 9:21 PM:

> A few minutes later, or from a different nameserver, I get
> 
> Name:    vano-soft.biz
> Addresses:  131.220.108.232, 165.166.182.168, 193.165.6.97, 12.229.122.9
>           12.252.185.129
> 
> This is a real Hydra.  If everyone on the list looked up vano-soft.biz 
> and removed the trojaned boxes, would we be able to kill it?

Nope - the guy would get more trojaned boxes, no shortage of unpatched 
windows machines on broadband.

There are two ways to go here -

* Nullroute or bogus out in your resolvers the DNS servers for this 
domain --> two problems here.  One is that the spammer doesn't use 
vano-soft.biz in the smtp envelope, and second, he abuses open 
redirectors like yahoo's srd.yahoo.com

* "Follow the money" - find out the spammer / the guy who he spams for, 
from payment information etc.  Sic law enforcement on them.

	srs

-- 
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations

• Previous message (by thread): Wired mag article on spammers playing traceroute games with trojaned boxes
• Next message (by thread): Wired mag article on spammers playing traceroute games with trojaned boxes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]