Home page logo

nanog logo nanog mailing list archives

Re: [Fwd: Re: sober.z to hit tomorrow]
From: Wil Schultz <wschultz () wilcomm net>
Date: Fri, 06 Jan 2006 08:02:42 -0800

And here i was expecting .ZIP file from the FBI and CIA telling me that I need to full out a "survey" :)


Martin Hannigan wrote:

Here is some more interesting information. I'm not positive this is Sober.Z related but it's walking like and talking like a duck.

First I see the below DNS requests, shortly after I see many SMTP packets hitting Hotmail, AOL, Yahoo.com, Yahoo.co.uk, Progegy, etc.... Looks like it's... Sending SPAM?!?!

No! Not that!

This I didn't expect at all, here is a trace from one of the known infected users:

This is how these folks make money.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]