lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1633335755.20050330214215@Sniff-em.com>
Date: Wed Mar 30 20:42:24 2005
From: Thierry at sniff-em.com (Thierry Zoller)
Subject: Re: Anyone with experience w/VirtualMDA?

Dear JP Garcia,

JG> All
JG> VirtualMDA seems to do is initiate a telnet session and immediately
JG> quit.  I figure that VirtualMDA does this periodically to log and allow
JG> people's dynamic IPs to connect to their servers.

I can confirm it DOES send spam at a rate which was far beyond my
expectations, at times the machine had 30 threads running connecting
to mta servers around the world delivering "Free L0ans" type of emails.

I can confirm:
- It delivers SPAM/UCE/UE.
- It reports to a master server and receives commands and emails.

Generic IDS fingerprints could be created by using the "from email"
field, but I haven't moved any further I just uninstalled and moved
along.

-- 
Thierry Zoller
http://www.sniff-em.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ