[Full-disclosure] Re: Anyone with experience w/VirtualMDA?
From: Thierry Zoller (Thierry_at_sniff-em.com)
Date: Wed, 30 Mar 2005 21:42:15 +0200 To: "JP Garcia" <email@example.com>
Dear JP Garcia,
JG> VirtualMDA seems to do is initiate a telnet session and immediately
JG> quit. I figure that VirtualMDA does this periodically to log and allow
JG> people's dynamic IPs to connect to their servers.
I can confirm it DOES send spam at a rate which was far beyond my
expectations, at times the machine had 30 threads running connecting
to mta servers around the world delivering "Free L0ans" type of emails.
I can confirm:
- It delivers SPAM/UCE/UE.
- It reports to a master server and receives commands and emails.
Generic IDS fingerprints could be created by using the "from email"
field, but I haven't moved any further I just uninstalled and moved
-- Thierry Zoller http://www.sniff-em.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/