[Full-disclosure] Re: Anyone with experience w/VirtualMDA?

From: Thierry Zoller (Thierry_at_sniff-em.com)
Date: 03/30/05

    Date: Wed, 30 Mar 2005 21:42:15 +0200
    To: "JP Garcia" <jgarcia@networkadvocates.com>
    
    

    Dear JP Garcia,

    JG> All
    JG> VirtualMDA seems to do is initiate a telnet session and immediately
    JG> quit. I figure that VirtualMDA does this periodically to log and allow
    JG> people's dynamic IPs to connect to their servers.

    I can confirm it DOES send spam at a rate which was far beyond my
    expectations; at times the machine had 30 threads running, connecting
    to MTA servers around the world delivering "Free L0ans" type of emails.

    I can confirm:
    - It delivers SPAM/UCE/UE.
    - It reports to a master server and receives commands and emails.

    Generic IDS fingerprints could be created by using the "from email"
    field, but I haven't moved any further; I just uninstalled and moved
    along.

    -- 
    Thierry Zoller
    http://www.sniff-em.com
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
    