Microsoft brings down major fake drug spam network

2011-03-18 Thread Bill Landry

No wonder I have seen such a huge drop in spam the past few days:

http://timesofindia.indiatimes.com/tech/enterprise-it/security/Microsoft-brings-down-major-fake-drug-spam-network/articleshow/7734903.cms

Anyone else been noticing the decrease in spam?

Bill


Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread Michelle Konzack
Hello Bill Landry,

On 2011-03-18 15:11:47, you hacked down the following:
> No wonder I have seen such a huge drop in spam the past few days:

???  I get 18-26 million spams (36 servers with 96,000 users) per day and
nothing has changed.  Please read the news (not only one) more carefully.

> http://timesofindia.indiatimes.com/tech/enterprise-it/security/Microsoft-brings-down-major-fake-drug-spam-network/articleshow/7734903.cms
> 
> Anyone else been noticing the decrease in spam?

No, because there is more than one botnet of this size now...

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL
Owner Michelle Konzack
Apt. 917 (homeoffice)
50, rue de Soultz
67100 Strasbourg/France
Tel: +33-6-61925193 mobil
Tel: +33-9-52705884 fix

itsystems@tdnet UG (limited liability)
Owner Michelle Konzack
Kinzigstraße 17
77694 Kehl/Germany
Tel: +49-177-9351947 mobil

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>

Jabber linux4miche...@jabber.ccc.de
ICQ#328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/




Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread David F. Skoll
On Sat, 19 Mar 2011 01:08:42 +0100
Michelle Konzack wrote:

> No, because there is more than one botnet of this size now...

I also haven't noticed much difference.

Regards,

David.


Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread Michelle Konzack
Hello David F. Skoll,

On 2011-03-18 20:12:01, you hacked down the following:
> I also haven't noticed much difference.

...and fortunately I use  to block on SMTP level! More
than 70% of the spams are blocked here.  SpamAssassin on USER level stops
around 25%...  The rest are own filters.

Thanks, Greetings and nice Day/Evening
Michelle Konzack



Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread Karsten Bräckelmann
On Sat, 2011-03-19 at 01:08 +0100, Michelle Konzack wrote:
> > No wonder I have seen such a huge drop in spam the past few days:
> 
> ???  I get 18-26 million spams (36 servers with 96,000 users) per day and
> nothing has changed.  Please read the news (not only one) more carefully.

See the CBL report [1] about this. Also links to a WSJ article.

As another source, check out the spamcop.net statistics, by now showing
the (absence of) almost daily spikes. That was Rustock.


> > Anyone else been noticing the decrease in spam?
> 
> No, because there is more than one botnet of this size now...

Others clearly have noticed, going by what I have read the last days.
Unfortunately, I didn't -- or rather, my personal spam volume went down
months ago quite significantly, for whatever reason. Almost like one
botnet (Rustock?) completely forgot about me at that time already...

My personal spam in-stream has been a lot less botnet generated for a
while. Though I really cannot say the same about 419 scams. *sigh*


[1] http://cbl.abuseat.org/rustock.html

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread Bill Landry

On 3/18/2011 5:08 PM, Michelle Konzack wrote:

> Hello Bill Landry,
>
> On 2011-03-18 15:11:47, you hacked down the following:
>
>> No wonder I have seen such a huge drop in spam the past few days:
>
> ???  I get 18-26 million spams (36 servers with 96,000 users) per day and
> nothing has changed.  Please read the news (not only one) more carefully.
>
>> http://timesofindia.indiatimes.com/tech/enterprise-it/security/Microsoft-brings-down-major-fake-drug-spam-network/articleshow/7734903.cms
>>
>> Anyone else been noticing the decrease in spam?
>
> No, because there is more than one botnet of this size now...


Please don't venture to assume you know anything about my spam stat 
numbers.  I have several spamtraps and create 3rd-party ClamAV signature 
databases from them that are distributed via the Sanesecurity rsync 
mirrors.  My 2-month signature database usually runs around 200,000 
signatures.  Now it is down to around 85,000.  Obviously this is a very 
substantial drop.


Enough said.

Bill


Re: Microsoft brings down major fake drug spam network

2011-03-19 Thread Miles Fidelman

Michelle Konzack wrote:

> Hello Bill Landry,
>
> On 2011-03-18 15:11:47, you hacked down the following:
>
>> No wonder I have seen such a huge drop in spam the past few days:
>
> ???  I get 18-26 million spams (36 servers with 96,000 users) per day and
> nothing has changed.  Please read the news (not only one) more carefully.
>
>> http://timesofindia.indiatimes.com/tech/enterprise-it/security/Microsoft-brings-down-major-fake-drug-spam-network/articleshow/7734903.cms
>>
>> Anyone else been noticing the decrease in spam?
>
> No, because there is more than one botnet of this size now...


Absolutely yes.

Context:
- I run a bunch of medium sized, private, email lists on my servers, I'm 
list admin for most, postmaster for all
- I've got a dozen or so personal email addresses, some of which date 
back 30+ years (to ARPANET days)

- most of these addresses are highly visible
- I'm also on a ridiculous number of email lists
- all of my mail ultimately gets aggregated into one account, then 
auto-sorted by a bunch of procmail rules
- I've got pretty much a stock postfix/spamassassin/clamav setup, with 
rules kept up-to-date

- I don't run IP based blocklists - too many false positives
- I let spam through to my account, then use rule-based filters to send 
mail with high scores to /dev/null, then use my eyeballs to delete 
what's left (between avoiding false positives, and keeping track of spam 
trends, the couple of minutes a day to do this seems worth it)


In this context, for the past year or so, I've been averaging 12,000 or 
so emails per day arriving at my mailbox, of which they break down as 
follows:

- 9000 or so to /dev/null
- 1000 or so bounce messages, server admin messages, and such - almost 
all of which are either bounceback spam, or spam-related error messages 
(e.g., the result of spam sent to list admin addresses)
- 1000 or so to a spam folder (high spam score, but not high enough to 
send right to /dev/null) - easy to eyeball and delete, a couple of false 
positives a week, sometimes a really important one (and sometimes a 
really important one that I delete by accident)
- 500 or so messages from various email lists - mostly legitimate, most 
of which I ignore for lack of time
- 500 or so messages that get to my general inbox - of which some are 
for lists that I don't send to other folders, 50 or so legitimate 
messages, and a good amount are spam that doesn't get caught anywhere else


As of two weeks ago, I saw a noticeable drop in the total number of 
incoming messages per day - from 12,000 to around 8,000, and this has 
stayed steady now.  A drop of a third is definitely significant.  My 
sense is that this has mostly been in the category of things that went 
directly to /dev/null.  The amount of mail I manually eyeball does not 
seem to have changed that much - though this is mostly a subjective 
judgment, I haven't been tracking the statistics, other than noting them 
in my daily log report.


One other datapoint:  My outgoing mail queue seems to have a lot fewer 
messages that get stuck (the remaining spam that gets through all the 
filters, that gets rejected remotely and requeued).




--
In theory, there is no difference between theory and practice.
In  practice, there is.    Yogi Berra
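The tiered sorting described in the message above (high score straight to /dev/null, medium score to a spam folder for a manual look, everything else to the inbox) can be expressed as a small procmail ruleset. The following is an added example written for this page, not the poster's own rules; it assumes SpamAssassin has already scanned the message and added its default X-Spam-Level (one asterisk per point of score) and X-Spam-Status headers, and that mail is delivered to a Maildir under $HOME.

```procmail
# Added example, not the original poster's configuration.
# Assumes: SpamAssassin (spamc/spamd or a milter) runs before procmail and
# adds "X-Spam-Level: ****" and "X-Spam-Status: Yes, score=..." headers;
# local delivery is Maildir (folder names end with a slash).
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/
LOGFILE=$HOME/.procmail.log
VERBOSE=no

# Tier 1: score 15 or higher (15 asterisks in X-Spam-Level). Obvious spam,
# never worth a human look: discard.
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null

# Tier 2: anything SpamAssassin flagged above its required threshold
# (default 5.0) but below tier 1: park it in a Spam folder that is
# eyeballed and emptied by hand, so false positives can still be rescued.
:0
* ^X-Spam-Status: Yes
.Spam/

# Tier 3: mailing-list traffic routed away from the inbox by List-Id so the
# inbox only holds direct mail. Adjust the pattern to the lists in use.
:0
* ^List-Id:.*users\.spamassassin\.apache\.org
.Lists.spamassassin/

# Everything else falls through to DEFAULT (the inbox).
```

The tier 1 threshold is a matter of local taste; the point of keeping tier 2 separate is exactly the one made above: a score just over the required threshold still produces a couple of false positives a week, so those messages should land somewhere recoverable rather than in /dev/null.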




Re: Microsoft brings down major fake drug spam network

2011-03-19 Thread Michelle Konzack
Hello Miles Fidelman,

In the last 4 weeks I see an increase on my domains  
and  from several 10,000 IPs trying to send messages to
localparts like

    jfc53    ~120,000 per day
    abuse    ~ 11,000 per day
    support  ~ 35,000 per day

and then several 100,000 (!!!; and increasing) per day like

    bg16968
and
    20081013211609.gb3090

The date/time changes all the time, the "gb" is something like gb[a-z] and
then a changing number of 3 to 5 digits.  This crap is successfully
stopped by .  Thanks for their powerful service!

Currently I run only a single inbound Courier proxy which handles the
traffic more or less successfully for the two domains.

In total, the Courier proxy is hit by over 1 million spams per day.

Also I have a service for the French government running with over 75,000
users, and it is hit by around 5 million (currently increasing) spams per day.

And more, I have Internet services in Morocco, Turkey and Iran running
which get 12-20 million spams per day in total.

I have not seen any decrease in the amount of spam for nearly one year.

OK, I have a friend at a small ISP here in Germany and he told me
currently the spam is around 5% of the "normal" level.  This sounds like
some botnets are targeting exclusively domains...

Thanks, Greetings and nice Day/Evening
Michelle Konzack

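The recipient probing described in the message above (short alphanumeric local parts such as jfc53 and bg16968, role accounts such as abuse and support, and Message-ID-looking local parts such as 20081013211609.gb3090 with a changing timestamp and a changing 3- to 5-digit suffix) has a regular enough shape to be detected and counted per sending IP before deciding what to block at SMTP level. The script below is an added example written for this page, not code from the thread or from any of the services mentioned. The sample attempts are constructed, the regular expressions are my reading of the patterns quoted above (the "gb" part is taken as "g" plus one more letter), and the role-account list is an assumption; a real deployment would feed it (IP, recipient) pairs parsed from the MTA's reject log instead.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of SMTP RCPT attempts as (client IP, recipient local part).
# Made-up values in the shape described in the thread, not real log data.
ATTEMPTS = [
    ("198.51.100.7", "jfc53"),
    ("198.51.100.7", "20081013211609.gb3090"),
    ("198.51.100.7", "20090105083012.gc41007"),
    ("203.0.113.9", "bg16968"),
    ("203.0.113.9", "xy20551"),
    ("203.0.113.9", "support"),
    ("203.0.113.9", "abuse"),
    ("192.0.2.44", "alice"),
    ("192.0.2.44", "20100812141522.ga12345"),
]

# Message-ID-style local part: 14-digit timestamp, a dot, "g" plus one letter,
# then 3 to 5 digits (e.g. 20081013211609.gb3090). This looks like the local
# part of a Message-ID being replayed as a recipient address.
MSGID_PROBE = re.compile(r"^(?P<ts>\d{14})\.g[a-z]\d{3,5}$")
# Short letter prefix plus a few digits (e.g. bg16968, jfc53): a typical
# dictionary-style probe for existing mailboxes.
ALNUM_PROBE = re.compile(r"^[a-z]{2,3}\d{2,5}$")
# Role accounts most domains are expected to have (assumed list, RFC 2142 style).
ROLE_ACCOUNTS = {"abuse", "postmaster", "support", "webmaster", "hostmaster"}


def classify(localpart):
    """Bucket a recipient local part into one of the probe shapes seen above."""
    lp = localpart.lower()
    m = MSGID_PROBE.match(lp)
    if m:
        try:
            # Only count it as the Message-ID shape if the timestamp is a real date.
            datetime.strptime(m.group("ts"), "%Y%m%d%H%M%S")
            return "msgid-style"
        except ValueError:
            pass
    if ALNUM_PROBE.match(lp):
        return "alnum-probe"
    if lp in ROLE_ACCOUNTS:
        return "role"
    return "other"


def summarize(attempts):
    """Return (counts per class, counts per client IP per class)."""
    by_class = Counter()
    by_ip = defaultdict(Counter)
    for ip, lp in attempts:
        cls = classify(lp)
        by_class[cls] += 1
        by_ip[ip][cls] += 1
    return by_class, by_ip


def suspicious_sources(by_ip, min_probes=2):
    """Client IPs that sent at least min_probes probe-shaped recipients.

    Role-account traffic is deliberately not counted: legitimate senders
    write to abuse@ and support@ too, so on its own it is a weak signal.
    """
    return sorted(
        ip for ip, c in by_ip.items()
        if c["msgid-style"] + c["alnum-probe"] >= min_probes
    )


if __name__ == "__main__":
    by_class, by_ip = summarize(ATTEMPTS)
    for cls, n in sorted(by_class.items()):
        print(f"{cls:12s} {n}")
    print("candidates for SMTP-level blocking:", suspicious_sources(by_ip))
```

The output of suspicious_sources() is a candidate list, not a blocklist: the thresholds here are tiny for the sake of the example, and on a real feed the volumes quoted above (hundreds of thousands of hits per day per pattern) would justify a much higher min_probes before an IP is refused at connection time.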