[81679] in North American Network Operators' Group
Re: ISP phishing
daemon@ATHENA.MIT.EDU (Robert Boyle)
Thu Jun 23 09:55:14 2005
Date: Thu, 23 Jun 2005 09:54:27 -0400
To: Gadi Evron <gadi@tehila.gov.il>, nanog@merit.edu
From: Robert Boyle <robert@tellurian.com>
In-Reply-To: <42BA82F5.8010604@tehila.gov.il>
Errors-To: owner-nanog@merit.edu
At 05:37 AM 6/23/2005, you wrote:
>Hi guys. I notice a large increase in recent weeks of ISP directed
>phishing - largely because of worms moving backward to using the user's
>own domain for the spam, but not just in the from: address.
>
>I believe this started out as a "let's feel this out" or "wow, that
>worked, let's phish ISP's directly too". I now have several reports that
>point to this becoming a serious problem.
>
>Old with a spark of new, but definitely a problem.
>
>Anyone else dealing with this?
Due to the huge number of variants in the wild, our AV software can't keep
up (probably nobody's can). Instead, we enabled a global rule which blocks
any email from accounts such as billing, root, postmaster, antivirus,
abuse, security, etc. which don't originate from our management IP space
where our people work. As a result, we have stopped these phishing scams
for our users dead in their tracks.
-Robert
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin
