Dear all,
I am the moderator of a Buddhist list of over 1200 subscribers. I frequently receive warnings that my computer is infected with some kind of virus or worm etc. You will understand that - as an owner of a Mac OS X computer - it is highly (!) unlikely that my computer indeed is infected :-) There is a far bigger chance that one or more of the computers of the subscribers is infected and generates messages out of his/her address book that contain virus or spam or worms or whatever.
This is a very annoying problem and I wonder if you guys also have troubles with this. Today the problem even got worse: I noticed a port scan attack on my computer (my SNORT system started to fire) which persisted for over an hour. Upon sending a message to the abuse and amin addresses of the server hosting the malignant attacker, I received the following interesting (quick and polite) reply from the admin of that host (Yandex.ru):
"Hello,
our security policies require any host accessing our public resources to be portscanned to detect possibly trojaned or otherwise infected hosts, proxies etc. That is way you're observing those access attempts (sourced from clearly named hosts proxychecker.yandex.net). We won't bother you anymore (unless you obtain your IP address dynamically).
Please notice that, if you didn't access any resources in yandex.ru/yandex.com or ya.ru domain, your computer is probably already infected by some third party and used to send spam received by our server, that in turned sourced the portscan in question."
You will understand that I didn't visit any of their sites recently nor that there was any message sent to them from my computer at all. So, it seems that they nowadays have automatic scripts (more or less violently) attacking any IP address mentioned in spam or virus containing messages that they receive! (I consider port scanning as an intrusion attempt on my system and as an abusive attack). This doesn't promise much good for us as mailing list admins....!!
Ciao!
Loek
