Great Circle Associates List-Managers
(August 2004)
 


Subject: Automated attack on list managers?
From: Loek Jehee <loekjehe @ xs4all . nl>
Date: Sun, 22 Aug 2004 14:11:08 +0200
To: list-managers @ greatcircle . com

Dear all,

I am the moderator of a Buddhist list of over 1200 subscribers. I
frequently receive warnings that my computer is infected with some
kind of virus or worm etc. You will understand that - as an owner of
a Mac OS X computer - it is highly (!) unlikely that my computer indeed
is infected :-) There is a far bigger chance that one or more of the
computers of the subscribers is infected and generates messages out
of his/her address book that contain virus or spam or worms or
whatever.

This is a very annoying problem and I wonder if you guys also have
troubles with this. Today the problem even got worse: I noticed a
port scan attack on my computer (my SNORT system started to fire)
which persisted for over an hour. Upon sending a message to the abuse
and admin addresses of the server hosting the malignant attacker, I
received the following interesting (quick and polite) reply from the
admin of that host (Yandex.ru):

"Hello,

our security policies require any host accessing our public resources
to be portscanned to detect possibly trojaned or otherwise infected
hosts, proxies etc. That is why you're observing those access
attempts (sourced from clearly named hosts proxychecker.yandex.net).
We won't bother you anymore (unless you obtain your IP address
dynamically).

Please notice that, if you didn't access any resources in
yandex.ru/yandex.com or ya.ru domain, your computer is probably
already infected by some third party and used to send spam received
by our server, that in turn sourced the portscan in question."

You will understand that I didn't visit any of their sites recently nor
that there was any message sent to them from my computer at all.
So, it seems that they nowadays have automatic scripts (more or
less violently) attacking any IP address mentioned in spam or virus
containing messages that they receive! (I consider port scanning as
an intrusion attempt on my system and as an abusive attack).
This doesn't promise much good for us as mailing list admins....!!

Ciao!

Loek




