[Full-disclosure] Re: Anyone with experience w/VirtualMDA?

From: Thierry Zoller (Thierry_at_sniff-em.com)
Date: 03/30/05

    Date: Wed, 30 Mar 2005 21:42:15 +0200
    To: "JP Garcia" <jgarcia@networkadvocates.com>
    
    

    Dear JP Garcia,

    JG> All
    JG> VirtualMDA seems to do is initiate a telnet session and immediately
    JG> quit. I figure that VirtualMDA does this periodically to log and allow
    JG> people's dynamic IPs to connect to their servers.

    I can confirm it DOES send spam at a rate which was far beyond my
    expectations; at times the machine had 30 threads running, connecting
    to MTA servers around the world, delivering "Free L0ans" type of emails.

    I can confirm:
    - It delivers SPAM/UCE/UE.
    - It reports to a master server and receives commands and emails.

    Generic IDS fingerprints could be created by using the "from email"
    field, but I haven't moved any further; I just uninstalled and moved
    along.

    -- 
    Thierry Zoller
    http://www.sniff-em.com
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
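
The behaviour reported in the message above (one machine running many simultaneous deliveries to MTAs around the world) can be detected from connection records alone, without a content signature. The following is an added example, not part of the original post: it flags internal hosts that open port-25 connections to many distinct destinations inside a short window. The log format, all addresses, the threshold and the allow-list are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed flow log lines: '<ISO time> <src> <dst> <dport>'."""
    t0 = datetime(2005, 3, 30, 21, 0, 0)
    at = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{at(2 * i)} 10.0.0.23 198.51.100.{i + 1} 25" for i in range(30)]  # desktop, 30 MTAs
    lines += [f"{at(i)} 10.0.0.5 203.0.113.{i + 1} 25" for i in range(40)]       # legitimate relay
    lines += [f"{at(600 * i)} 10.0.0.40 203.0.113.200 25" for i in range(6)]     # client, one MTA
    lines.append(f"{at(0)} 10.0.0.23 198.51.100.1 80")                           # non-SMTP noise
    return lines

def parse(line):
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def find_smtp_fanout(flows, window=timedelta(minutes=5), threshold=20, allowed=frozenset()):
    """Map each non-allow-listed source to its peak count of distinct port-25
    destinations inside any sliding window, keeping only peaks >= threshold."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == 25 and src not in allowed:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        in_window = defaultdict(int)  # destination -> connections currently in window
        start = peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[start][0] > window:  # expire connections older than window
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    flows = [parse(l) for l in build_sample()]
    for host, n in find_smtp_fanout(flows, allowed={"10.0.0.5"}).items():
        print(f"ALERT {host}: {n} distinct SMTP destinations within 5 minutes")
```

Hosts that legitimately send mail (relays, list servers) belong in `allowed`; without it the constructed relay at 10.0.0.5 is flagged as well.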
    
