I'm finding that it's incredibly common that dialup/dsl/cable clients are sending spam directly. It is widely assumed that they are running a trojan or are set up as an open relay following the six iterations of the SoBig worm. This isn't new, but the scale of the available resources to the spammers from the SoBig infections is certainly new.
It's easy for me to say that ISPs no longer can whitelist their own IP space for mail handling... very hard for me to tell an ISP what they definitely should do!

Andrew 8(

-----Original Message-----
From: Danny Klopfer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2003 10:40 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spam via Dialup

I just tracked down a client sending out spam via dialup connection. I doubt they even know it happened. Anyone seen this before? I think that they must have a virus or worm that did this.

Received: from adornmen.com [207.231.66.244] by ncwebsurfer.com with ESMTP (SMTPD32-8.03) id AC253E6E0228; Wed, 05 Nov 2003 10:06:29 -0800
Message-ID: <[EMAIL PROTECTED]>
From: "Brittne Uppal" <[EMAIL PROTECTED]>
Subject: Buy viagraST, prozac, Fioricet, zanaflex nayuxidesgeqkblyrzf
Date: Wed, 05 Nov 2003 18:06:48 +0000
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-IMAIL-SPAM-VALHELO: (1047396904)
X-IMAIL-SPAM-VALFROM: (1047396904)
X-RBL-Warning: WEIGHT10: Weight of 15 reaches or exceeds the limit of 10.
X-Declude-Sender: [EMAIL PROTECTED] [207.231.66.244]
X-Declude-Spoolname: D3c253e6e022892c9.SMD

Order some viagrast, Soma Online <a href="http://[EMAIL PROTECTED] bxrcbot.bswvbicjxiocdibahiahbfuj.propouvr.biz/vpr6636/?href=www.bbbrsqdjlif. mhsgocqrlnk.jdejopcufpilvddehejfbujvquljbojchcuqymblywccrek">proceed here</a><br>
lkugbybxpf tyzzrjczxgmpld jsvrincshoymab

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".
The archives can be found at http://www.mail-archive.com.
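
Added example, not part of either message in the thread: one way to act on the point about not whitelisting an ISP's own IP space is to parse the connecting IP out of the Received header quoted above, exempt only named mail relays from filtering, and count direct deliveries per customer address. The /24 dial-up pool, the relay address 192.0.2.25 and the threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# The Received header quoted in the thread (IMail SMTPD32 layout).
SAMPLE = ("from adornmen.com [207.231.66.244] by ncwebsurfer.com with ESMTP "
          "(SMTPD32-8.03) id AC253E6E0228; Wed, 05 Nov 2003 10:06:29 -0800")

# Assumptions (constructed, not from the thread): the ISP's address plan.
CUSTOMER_POOLS = [ipaddress.ip_network("207.231.66.0/24")]  # assumed dial-up pool
TRUSTED_MTAS = {ipaddress.ip_address("192.0.2.25")}         # placeholder relay

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\[(?P<ip>[0-9.]+)\]\s+by\s+(?P<by>\S+)")

def parse_received(header):
    """Return (helo, ip, receiving_host), or None if the header does not parse."""
    m = RECEIVED_RE.search(header)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    return m.group("helo"), ip, m.group("by")

def classify(ip):
    """Only named relays skip filtering; customer pools are filtered like anyone."""
    if ip in TRUSTED_MTAS:
        return "trusted-mta"
    if any(ip in net for net in CUSTOMER_POOLS):
        return "customer-pool"
    return "external"

def flag_customers(headers, threshold=3):
    """Count direct deliveries per customer IP; return those at or over threshold."""
    counts = Counter()
    for header in headers:
        parsed = parse_received(header)
        if parsed and classify(parsed[1]) == "customer-pool":
            counts[str(parsed[1])] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(classify(parse_received(SAMPLE)[1]))
    print(flag_customers([SAMPLE] * 3))
```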