Oh! Not again.
I did some research on this. Here are my observations.
1. The spammer is using two Indian and two Korean servers for sending the
mail. Out of the 4 servers, 3 ( I did not check the iimb.ernet ) are in
very bad shape, and it is very easy to hack an account on them. All of them
have a number of open ports for which exploits have been posted on the net.
2. The finger log of one of the Korean servers was quite confusing, and lots
of users with a login name that was a simple number were found.
3. All the servers have the Netscape administrative server running, which is
another source of account hacking.
4. IMHO the spammer has hacked both the Korean servers and now has accounts on
them. He is sending mail by logging in to these servers and using the SMTP of
the Indian servers.
5. One long shot is that he might have done a dry run of his activity in the past
to test his route. It would be worthwhile to check the mail of one month or so for
occurrences of the IP addresses which have appeared in these mails.
Due to shortage of time I could not look further.
Best Regards,
M.S.Deshmukh,
Director.
Beta Computronics Pvt. Ltd.
Web Site - http://betacomp.com
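
The check suggested in the last point above, as an added example that is not part of the original message: it scans the `Received:` headers of archived mail for relay addresses seen in the spam and lists earlier sightings, oldest first. The IP addresses, host names and sample messages are constructed placeholders, not values from this thread.

```python
import email
import ipaddress
import re
from collections import defaultdict
from email.utils import parsedate_to_datetime

# Placeholder relay addresses (documentation ranges), not taken from the spam.
SUSPECT_IPS = {"192.0.2.25", "203.0.113.7"}

# Constructed sample messages standing in for a month of archived list mail.
SAMPLE_MAIL = [
    "Received: from mail.example.net (mail.example.net [198.51.100.4])\n"
    "\tby lists.example.org; Mon, 15 May 2000 10:02:11 +0530\n"
    "Date: Mon, 15 May 2000 10:01:58 +0530\nSubject: lilo question\n\nbody\n",
    "Received: from relay.example.in (unknown [203.0.113.7])\n"
    "\tby lists.example.org; Sat, 20 May 2000 23:40:09 +0530\n"
    "Date: Sat, 20 May 2000 23:40:00 +0530\nSubject: test\n\nbody\n",
    "Received: from relay.example.in (unknown [203.0.113.7])\n"
    "\tby lists.example.org; Sun, 11 Jun 2000 05:32:40 +0530\n"
    "Received: from host.example.kr (unknown [192.0.2.25])\n"
    "\tby relay.example.in; Sun, 11 Jun 2000 05:32:12 +0530\n"
    "Date: Sun, 11 Jun 2000 05:32:00 +0530\nSubject: [LIH]\n\nbody\n",
]

# Dotted quads not embedded in a longer run of digits and dots.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def received_ips(msg):
    """Return every valid IPv4 address found in the Received headers."""
    found = set()
    for header in msg.get_all("Received", []):
        for candidate in IPV4_RE.findall(header):
            try:
                found.add(str(ipaddress.IPv4Address(candidate)))
            except ValueError:
                pass  # looks like an address but is not one, e.g. 999.1.1.1
    return found

def earlier_sightings(raw_messages, suspects):
    """Map each suspect IP to the (date, subject) of mail it relayed, oldest first."""
    hits = defaultdict(list)
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        when = parsedate_to_datetime(msg["Date"])
        for ip in received_ips(msg) & suspects:
            hits[ip].append((when, msg["Subject"]))
    return {ip: sorted(seen) for ip, seen in hits.items()}
```

`Received:` lines added by servers outside your control can be forged, so a match carries most weight when it appears in the header written by your own receiving server.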
-----Original Message-----
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday, June 11, 2000 5:32 AM
Subject: [LIH]
> [EMAIL PROTECTED] | PFP - Pretty Fucking Privacy! (PFP:xxx33RedHatSucks)
>Hello Gays!
> It's been long since I have been evangelising RedHat Linux. Let me clarify why I think so. There are a number of reasons for this:
>
> * RedHat is Ultra-Secure with just 600+ holes with proper security set on!
> * Debian Sucks! It also fucks! Asexual reproduction hey - How else would you
-----------------------------------------------------------------------
LIH is all for free speech. But it was created for a purpose - to help
people discuss issues about installing and running Linux. If your
messages are counterproductive to this purpose, your privileges to
submit messages can and will be revoked.