[Mimedefang] Spammer zombie group behaviour
Sevo Stille
sevo at radiox.de
Thu Apr 22 17:18:38 EDT 2004
David F. Skoll wrote:
> One more followup: We have dramatic evidence of coordination.
> Please see, for example:
>
> http://www.roaringpenguin.com/canit/reports.php?what=hit-n-run-dom&domain=t-online.de
>
> Log in as "demo" with password "demo"
>
> You can see clusters of machines with each cluster comprising a spam
> attack. The largest attack was around 2004/04/22 09:11 and involved
> 21 different machines.
This doesn't necessarily imply coordination. I've yet to see evidence
of anything smart, like blacklisted machines backing off and handing
over to another machine. So far, they carry on with delivery attempts,
and the other machines attempting to deliver the same spam simply seem
to be processing the same list in parallel and ignorant of each other.
Sevo