The top 10 is:

uu.net
chinanet-gd
kornet.net
above.net
chinanet-cq
level3.net
exodus.net
hinet.net
cw.net
interbusiness.it
http://www.theregister.co.uk/content/55/35937.html

~Rick

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
> Sent: Tuesday, March 02, 2004 2:19 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus] new Spam report from Sophos
>
> Beside this Top10 list here are my comments:
>
> Can someone explain to me how much spam he's blocking from the
> following CIDR ranges?
>
> 193.70.192.0/24
> 212.216.176.0/24
> 193.70.192.0/24
> 80.180.0.0/16
> 80.181.0.0/16
> 80.182.0.0/16
> 80.117.0.0/16
> 80.206.0.0/16
> 62.123.123.0/24
>
> These IP ranges (large Italian ISPs) have been listed in several IP
> blacklists for over 6 months now. For sure they aren't spam
> free, but on the other side I can see a lot of spam coming
> from ".pacbell.net" networks.
>
> Beside this there is an interesting article about trojans (in
> this case Randex) used as spam-proxy in the latest edition of c't
> (German computer magazine)
>
> English translation: http://www.heise.de/english/newsticker/news/44879
>
> In the printed version of this article there is a more
> detailed explanation of how they've tracked down these guys.
> After disassembling the code they've installed it on a
> dedicated machine and watched the network traffic. This
> trojan works as an IRC bot and can execute nearly any command
> that its "commander" orders.
>
> - Over 11000 bots under his control
> - possible DDOS attacks with 1,5 Gbit/s
> - collection of software serial numbers from infected machines.
> - spam proxies (zombies)
> - The bot is able to download new updated versions of itself.
> - and so on and so on...
>
> Interesting:
> - Author and "commander" of this bot is the developer of a
> known IRC Server software.
> - It looks like AV companies like NAI have found the same
> information as this student in the disassembled code but
> haven't forwarded any information to Scotland Yard or FBI.
> Symantec explained that they have a large profit from the
> increased security need caused by such viruses.
>
> No more comment needed.
>
> Markus
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
