[63673] in North American Network Operators' Group
Re: Wired mag article on spammers playing traceroute games with trojaned boxes
daemon@ATHENA.MIT.EDU (Chris Boyd)
Thu Oct 9 11:52:07 2003
Date: Thu, 9 Oct 2003 10:51:08 -0500
From: Chris Boyd <cboyd@gizmopartners.com>
To: nanog@merit.edu
In-Reply-To: <3F857909.6030106@outblaze.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Thursday, October 9, 2003, at 10:04 AM, Suresh Ramasubramanian
wrote:
>
> http://www.wired.com/news/business/0,1367,60747,00.html
>
> --
> srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
> manager, outblaze.com security and antispam operations
>
>
>
I found one of these today, as a matter of fact. The spam was
advertising an anti-spam package, of course.

The domain name is vano-soft.biz, and looking up the address, I get

    Name: vano-soft.biz
    Addresses: 12.252.185.129, 131.220.108.232, 165.166.182.168,
               193.165.6.97
               12.229.122.9

A few minutes later, or from a different nameserver, I get

    Name: vano-soft.biz
    Addresses: 131.220.108.232, 165.166.182.168, 193.165.6.97, 12.229.122.9
               12.252.185.129

This is a real Hydra. If everyone on the list looked up vano-soft.biz
and removed the trojaned boxes, would we be able to kill it?
--Chris
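
Added example, not part of the original message: a Python sketch that parses the two nslookup answers quoted above and reports whether the record set changed or was only rotated, and how many networks the hosts span. The function names are hypothetical, and grouping by /16 is an assumption standing in for a proper origin-AS lookup.

```python
import ipaddress
import re

# The two answers quoted in the message above, as nslookup printed them.
LOOKUP_1 = """Name: vano-soft.biz
Addresses: 12.252.185.129, 131.220.108.232, 165.166.182.168,
193.165.6.97
12.229.122.9"""
LOOKUP_2 = """Name: vano-soft.biz
Addresses: 131.220.108.232, 165.166.182.168, 193.165.6.97, 12.229.122.9
12.252.185.129"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_addresses(text):
    """Return A records in printed order, skipping invalid or repeated values."""
    seen, out = set(), []
    for token in IPV4.findall(text):
        try:
            ip = ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            continue  # loose regex matched something like 999.1.1.1
        if ip not in seen:
            seen.add(ip)
            out.append(ip)
    return out


def compare_lookups(first, second, prefix_len=16):
    """Summarise how two answers for the same name differ."""
    a, b = parse_addresses(first), parse_addresses(second)
    hosts = set(a) | set(b)
    # Assumption: a /16 approximates "one network"; real triage maps to ASNs.
    nets = {ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False) for ip in hosts}
    return {
        "same_set": set(a) == set(b),
        # Round-robin DNS cycles the list: b equals a shifted by some offset.
        "rotated": any(a[i:] + a[:i] == b for i in range(1, len(a))),
        "added": sorted(set(b) - set(a)),
        "removed": sorted(set(a) - set(b)),
        "distinct_networks": len(nets),
        "hosts": sorted(hosts),
    }


if __name__ == "__main__":
    for key, value in compare_lookups(LOOKUP_1, LOOKUP_2).items():
        print(key, value)
```

Here the two answers hold the same five hosts in rotated order, so the full list to report is already in either answer; a non-empty `added` or `removed` on a later lookup would mean the operator is swapping hosts in and out.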