To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
I can't speak for other researchers, but some of the message IDs that I have
seen don't necessarily copy this format... However, this is just stuff that
I have seen come to me. I don't have a huge spamtrap.
Message-ID: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
On 9/18/07, Matt Jonkman <[EMAIL PROTECTED]> wrote:
>
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> ----------
> Can anyone verify they're seeing the same in other traps?
>
> Can anyone comment on any naturally occurring source or seed that'd
> cause this repeating?
>
> If it's seen in more than one place I'll get together some snort sigs
> for it.
>
> Matt
>
> PinkFreud wrote:
> > To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> > ----------
> >
> >
> > ------------------------------------------------------------------------
> >
> > Actually, the pattern appears to be 01c7fa35$
> >
> >
> > On Tue, Sep 18, 2007 at 05:03:17PM -0400, Jonathan Yarden babbled thus:
> >> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> >> ----------
> >> I have a spamtrap getting 80-100k messages/day and noted a pattern that
> >> repeats in the Message-ID field:
> >>
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Message-ID: <[EMAIL PROTECTED]>
> >>
> >> Obviously in this subset, you can clearly see the pattern...01c7fa
> >>
> >> My question to the list is whether this pattern appears in some of the
> >> Storm Botnet email others are getting.
> >> --
> >> Jon
> >>
> >> Those who make peaceful revolution impossible will make violent
> >> revolution inevitable.
> >> -- John F. Kennedy
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> > All list and server information are public and available to law
> enforcement upon request.
> > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
>
> --
> --------------------------------------------
> Matthew Jonkman
> Bleeding Edge Threats
> US Phone 765-429-0398
> US Fax 312-264-0205
> AUS Phone 61-42-4157-491
> AUS Fax 61-29-4750-026
> http://www.bleedingthreats.net
> --------------------------------------------
>
> PGP: http://www.bleedingthreats.com/mattjonkman.asc
>
>
> _______________________________________________
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> All list and server information are public and available to law
> enforcement upon request.
> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
>
--
James Pleger
p: 623.298.7966
e: [EMAIL PROTECTED]
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
