[87726] in North American Network Operators' Group
Re: [Fwd: Re: sober.z to hit tomorrow]
daemon@ATHENA.MIT.EDU (Wil Schultz)
Fri Jan 6 11:03:23 2006
Date: Fri, 06 Jan 2006 08:02:42 -0800
From: Wil Schultz <wschultz@wilcomm.net>
To: nanog@merit.edu
In-Reply-To: <200601060806.k0686aRt003188@world.std.com>
Errors-To: owner-nanog@merit.edu
And here I was expecting a .ZIP file from the FBI and CIA telling me that
I need to fill out a "survey" :)
-Wil
Martin Hannigan wrote:
>>Here is some more interesting information. I'm not positive this is
>>Sober.Z related but it's walking like and talking like a duck.
>>
>>First I see the below DNS requests, shortly after I see many SMTP
>>packets hitting Hotmail, AOL, Yahoo.com, Yahoo.co.uk, Prodigy, etc....
>>Looks like it's... Sending SPAM?!?!
>>
>>
>
>No! Not that!
>
>
>
>>This I didn't expect at all, here is a trace from one of the known
>>infected users:
>>
>>
>
>
>This is how these folks make money.