To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Can anyone verify they're seeing the same in other traps?
Can anyone comment on any naturally occurring source or seed that'd cause this repeating? If it's seen in more than one place I'll get together some snort sigs for it. Matt PinkFreud wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > > > ------------------------------------------------------------------------ > > Actually, the pattern appears to be 01c7fa35$ > > > On Tue, Sep 18, 2007 at 05:03:17PM -0400, Jonathan Yarden babbled thus: >> To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >> ---------- >> I have a spamtrap getting 80-100k messages/day and noted a pattern that >> repeats in the Message-ID field: >> >> Message-ID: <[EMAIL PROTECTED]> >> Message-ID: <[EMAIL PROTECTED]> >> Message-ID: <[EMAIL PROTECTED]> >> Message-ID: <[EMAIL PROTECTED]> >> Message-ID: <[EMAIL PROTECTED]> >> Message-ID: <[EMAIL PROTECTED]> >> Message-ID: <[EMAIL PROTECTED]> >> Message-ID: <[EMAIL PROTECTED]> >> Message-ID: <[EMAIL PROTECTED]> >> Message-ID: <[EMAIL PROTECTED]> >> Message-ID: <[EMAIL PROTECTED]> >> >> Obviously in this subset, you can clearly see the pattern...01c7fa >> >> My question to the list is whether this pattern appears in some of the >> Storm Botnet email others are getting. >> -- >> Jon >> >> Those who make peaceful revolution impossible will make violent >> revolution inevitable. >> -- John F. Kennedy > > > ------------------------------------------------------------------------ > > _______________________________________________ > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > All list and server information are public and available to law enforcement > upon request. > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets -- -------------------------------------------- Matthew Jonkman Bleeding Edge Threats US Phone 765-429-0398 US Fax 312-264-0205 AUS Phone 61-42-4157-491 AUS Fax 61-29-4750-026 http://www.bleedingthreats.net -------------------------------------------- PGP: http://www.bleedingthreats.com/mattjonkman.asc _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
