Re: Spam surge tied to SpamThru Trojan botnet

2006-11-17 Thread Justin Mason

Peter H. Lemieux writes:
> From this article at eWeek:
> http://www.eweek.com/print_article2/0,1217,a=194218,00.asp
>
> The recent surge in e-mail spam hawking penny stocks and penis
> enlargement pills is the handiwork of Russian hackers running a botnet
> powered by tens of thousands of hijacked computers.
>
> Internet security researchers and law enforcement authorities have
> traced the operation to a well-organized hacking gang controlling a
> 70,000-strong peer-to-peer botnet seeded with the SpamThru Trojan.

Definitely.  As far as I can tell, the SpamThru upsurge: that's the
FHARMACY economize more with http://URL; stuff -- is hitting
HDR_ORDER_FTSDMCXX*, MID_START_001C, and XBL and URIBL rules.

There's also another spammer who's creating another very large batch,
separately: the C*na Petroleum stock spammer, hitting RCVD_FORGED_WROTE
and TVD_STOCK1.

The two sets are quite distinct and on a large scale, and if you look at
the rules freqs by contributor, various people have massively differing
hitrates on their corpora.  For example, HDR_ORDER_FTSDMCXX3 (SpamThru
traffic) is 56% of Daryl's corpus, but only 3.4% of zmi's:

http://ruleqa.spamassassin.org/20061116-r475642-n/HDR_ORDER_FTSDMCXX3/detail#DETAILS_all_mass_check_date_rev_20061116_r475642_n

And RCVD_FORGED_WROTE, the stock spammer, is 6.3% of my corpus and
only 0.42% of Michael's:

http://ruleqa.spamassassin.org/20061116-r475642-n/RCVD_FORGED_WROTE/detail#DETAILS_all_mass_check_date_rev_20061116_r475642_n

Interesting.  Not quite sure what that implies though. ;)

--j.
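An added illustration, not code from SpamAssassin, the ruleqa site or anyone in this thread, of how a per-contributor hit-rate breakdown like the one linked above is derived from mass-check logs, and of how to flag rules whose rate is lopsided across contributors' corpora (the pattern Justin points at). The log line layout (class flag, score, path, comma-separated rule list, then key=value extras) is a simplified rendering of mass-check output, the file naming spam-<contributor>.log / ham-<contributor>.log, the sample lines and the 5x spread threshold are all constructed assumptions:

```python
"""Per-contributor rule hit rates from mass-check style logs.

Added illustration only; not SpamAssassin's mass-check or ruleqa code.
Assumed log line layout:  <Y|.> <score> <path> <rule,rule,...|none> key=val...
Assumed file naming:      spam-<contributor>.log / ham-<contributor>.log
"""
from collections import defaultdict

# Constructed sample logs (not real mass-check output).  Hit counts are
# chosen so HDR_ORDER_FTSDMCXX3 dominates one spam corpus but not the other.
SAMPLE_LOGS = {
    "spam-daryl.log": [
        "Y 12 /spam/1 HDR_ORDER_FTSDMCXX3,MID_START_001C,URIBL_BLACK time=1",
        "Y  8 /spam/2 HDR_ORDER_FTSDMCXX3,RCVD_IN_XBL time=2",
        "Y  5 /spam/3 TVD_STOCK1,RCVD_FORGED_WROTE time=3",
        "Y  9 /spam/4 HDR_ORDER_FTSDMCXX3 time=4",
    ],
    "ham-daryl.log": [
        ". -3 /ham/1 BAYES_00 time=5",
        ". -2 /ham/2 none time=6",
    ],
    "spam-zmi.log": [
        "Y  7 /spam/1 TVD_STOCK1 time=1",
        "Y  6 /spam/2 RCVD_FORGED_WROTE,TVD_STOCK1 time=2",
        "Y  4 /spam/3 BAYES_99 time=3",
        "Y 11 /spam/4 HDR_ORDER_FTSDMCXX3,URIBL_BLACK time=4",
        "Y  3 /spam/5 BAYES_50 time=5",
        "Y  6 /spam/6 TVD_STOCK1,RCVD_FORGED_WROTE time=6",
        "Y  5 /spam/7 BAYES_99,URIBL_BLACK time=7",
        "Y  0 /spam/8 none time=8",
    ],
    "ham-zmi.log": [
        ". -4 /ham/1 BAYES_00 time=7",
        ". -1 /ham/2 RCVD_FORGED_WROTE time=8",
    ],
}


def parse_line(line):
    """Return (is_spam, ordered list of rules) for one log line, or None to skip."""
    fields = line.split()
    if len(fields) < 4 or fields[0] not in ("Y", "."):
        return None                       # comment, header or malformed line
    rules = [] if fields[3] == "none" else list(dict.fromkeys(fields[3].split(",")))
    return fields[0] == "Y", rules


def hit_rates(logs):
    """Compute {rule: {(contributor, 'spam'|'ham'): percent}}.

    Percent = hits / size of that contributor's corpus of that class, which is
    what a per-contributor breakdown of a rule's frequency shows.
    """
    hits = defaultdict(lambda: defaultdict(int))    # rule -> key -> hits
    sizes = defaultdict(int)                        # key -> messages seen
    for fname, lines in logs.items():
        cls, contributor = fname[:-len(".log")].split("-", 1)   # assumed naming
        key = (contributor, cls)
        for line in lines:
            parsed = parse_line(line)
            if parsed is None:
                continue
            is_spam, rules = parsed
            if is_spam != (cls == "spam"):
                continue                  # misfiled message; keep classes clean
            sizes[key] += 1
            for rule in rules:
                hits[rule][key] += 1
    return {
        rule: {key: round(100.0 * hits[rule][key] / sizes[key], 2) for key in sizes}
        for rule in hits
    }


def skewed_rules(rates, cls="spam", factor=5.0):
    """Rules whose hit rate differs by more than `factor` between contributors.

    Returns [(rule, lowest_pct, highest_pct)] sorted by the size of the gap
    (ties broken by rule name).  A big spread is the signature of a single
    campaign flooding some contributors' corpora but not others.
    """
    out = []
    for rule, by_key in rates.items():
        pcts = [p for (_, c), p in by_key.items() if c == cls]
        if len(pcts) < 2:
            continue
        lo, hi = min(pcts), max(pcts)
        if hi > 0 and (lo == 0.0 or hi / lo > factor):
            out.append((rule, lo, hi))
    return sorted(out, key=lambda t: (-(t[2] - t[1]), t[0]))


if __name__ == "__main__":
    rates = hit_rates(SAMPLE_LOGS)
    for rule, lo, hi in skewed_rules(rates):
        print(f"{rule:24s} spam hit rate ranges {lo:5.2f}% .. {hi:5.2f}%")
```

On the constructed sample, HDR_ORDER_FTSDMCXX3 comes out at 75% of one spam corpus and 12.5% of the other, and is the first rule the skew check reports; ham-side rates are kept separately so a rule that also fires on one contributor's ham (RCVD_FORGED_WROTE here) can be spotted in the same pass.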


Re: Spam surge tied to SpamThru Trojan botnet

2006-11-17 Thread Chris
On Thursday 16 November 2006 10:59 pm, Steve Lake wrote:
> Oh joy.  So what do we do about this?  Are they going to try and
> bust these guys?  Or can't they touch them?
>
> At 08:16 PM 11/16/2006 -0500, Peter H. Lemieux wrote:
> > From this article at eWeek:
> > http://www.eweek.com/print_article2/0,1217,a=194218,00.asp
> >
> > The recent surge in e-mail spam hawking penny stocks and penis
> > enlargement pills is the handiwork of Russian hackers running a botnet
> > powered by tens of thousands of hijacked computers.
> >
> > Internet security researchers and law enforcement authorities have
> > traced the operation to a well-organized hacking gang controlling a
> > 70,000-strong peer-to-peer botnet seeded with the SpamThru Trojan.
> >
> > Peter

Well, as of this morning it 'appears' to have slowed considerably: instead of
the 200 or so I was seeing at 6am, I have only 40, and only one of those has
a subject from the recent flood.

-- 
Chris



Spam surge tied to SpamThru Trojan botnet

2006-11-16 Thread Peter H. Lemieux

From this article at eWeek:
http://www.eweek.com/print_article2/0,1217,a=194218,00.asp

The recent surge in e-mail spam hawking penny stocks and penis
enlargement pills is the handiwork of Russian hackers running a botnet
powered by tens of thousands of hijacked computers.

Internet security researchers and law enforcement authorities have
traced the operation to a well-organized hacking gang controlling a
70,000-strong peer-to-peer botnet seeded with the SpamThru Trojan.

Peter