Re: Domain HiJacking by SPAMMERS

From: Ho Chaw Ming (chawming_at_pacific.net.sg)
Date: 01/30/04

  • Next message: Ciprian Slobodnic: "Basic questions about network shares"
    To: <security-basics@securityfocus.com>
    Date: Fri, 30 Jan 2004 23:56:17 +0800
    
    

    Yes we are fairly certain, based on the contents of the email. We examine
    the bounced emails. No mistake about it. It is still ongoing now btw, and we
    reckon we have gotten another 10,000-20,000 since we last posted.

    We are simply dropping the emails. But even that takes up some load on the
    server when the flood of bounce emails get high.

    regards

    ----- Original Message -----
    From: "Matt Atkins" <matthewsatkins@msn.com>
    To: <chawming@pacific.net.sg>; <security-basics@securityfocus.com>
    Sent: Friday, January 30, 2004 10:58 PM
    Subject: Re: Domain HiJacking by SPAMMERS

    >From: "Ho Chaw Ming" <chawming@pacific.net.sg>
    >I would be interested too, since we got a client who got "attacked" in such
    >a way yesterday. We received an estimated 30,000 bounced emails alone from
    >the fake reply to email address in a matter of hours. The data center
    >received hundreds of ill-informed abuse reports.

    Are you sure that the bounced emails that you've gotten recently aren't from
    the Mydoom virus? We have also been bombarded with NDR's, but it's because
    the virus is spoofing email addresses from our domain. You might want to
    look at the bouce back message and determine if this is the same issue that
    the original poster is experiencing.

    _________________________________________________________________
    Let the new MSN Premium Internet Software make the most of your high-speed
    experience. http://join.msn.com/?pgmarket=en-us&page=byoa/prem&ST=1

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------


  • Next message: Ciprian Slobodnic: "Basic questions about network shares"