
[Erlug] SPAM through Windows...

To: erlug@xxxxxxxxxxxxxx
Subject: [Erlug] SPAM through Windows...
From: "Ivan Sergio Borgonovo" <mail@xxxxxxxxxxxxxxx>
Date: Sun, 10 Nov 2002 21:36:28 +0100
I was discussing what the sources of SPAM are, and this was forwarded to me:

> From: Michael Tokarev <mjt@xxxxxxxxxx>
> Newsgroups: news.admin.net-abuse.email
> Subject: jeem.mail.pv trojan
> Date: Sat, 09 Nov 2002 02:29:34 +0300
> Organization: Telecom Service, JSC
> 
> [Bcc'd to several parties]
> 
> Recently, spammers started to use trojaned winbloze machines
> to send their crap out.  Currently, I know one spammer who
> does this - mlist.ru (currently down).  Below is a list of
> IP addresses of machines infected by this trojan horse and
> ready to send spam.  On the left column, there is an IP address,
> second column is where smtp server is listening: this is a
> trivial open relay listening on non-standard port number,
> it identifies itself as jeem.mail.pv.  The rest are other
> open ports on that IP address, for reference.  It seems that
> this trojan listens for smtp on one port and listens on
> two other ports as well, probably for its control.
> The list below was verified in the last two days, but some machines
> are not running all day, and may be down sometimes.
> 
> Any information about this trojan horse is appreciated, esp.
> a way to detect those machines/trojans.
> 
> /mjt
> 

although I believe the main source of spam is still servers put 
online on purpose and the complicit ISPs themselves.


-- 
Greetings
Ivan Sergio Borgonovo
http://www.webthatworks.it/
uniq life || sleep 24h

