To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- > >On Wed, 14 Feb 2007, Jeremy Epstein wrote: >> There was also a really entertaining presentation from Patrick Petersen of >> IronPort at RSA, in which he mentioned use of defaced web sites as proxy >> forwarders for spammers. According to the presentation, the spammers have a >> fairly sophisticated toolkit that takes over the site and turns it into a >> pharmacy (or whatever) redirect site. A different goal from the Websense >> presentation, but still a purpose other than simple defacement. > >Indeed. I can post some screenshots of some of these tools if you are >interested in them. > >Anon remailers, spam tools, etc. More and more spam is being sent using >web servers. > >I am looking for someone to volunteer to create spam assasin rules based >on how these tools send mail.
Rules are easy when either you don't have it installed or you are proactive and installed it in a non default location which is what we do. I have a couple of rules based upon log analysis and can probably generate more but can't you just use: http://bleedingthreats.net/bleeding-web.rules http://bleedingthreats.net/bleeding-exploit.rules http://bleedingthreats.net/bleeding-attack_response.rules Tom -- Tom Shaw - Chief Engineer, OITC <[EMAIL PROTECTED]>, http://www.oitc.com/ US Phone Numbers: 321-984-3714, 321-729-6258(fax), 321-258-2475(cell/voice mail,pager) Text Paging: http://www.oitc.com/Pager/sendmessage.html AIM/iChat: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] skype: trshaw _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
