D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Spam increase

 

stinga wrote:
>
> Anyone noticed an increase in spam recently?
> At work we /dev/nulled about 97% of the 4 million emails we received  
> yesterday.
> 
> Just wondering...

For work I get spam-l, and a general increase in spam would be reported
there pretty sharpish. No such messages have been posted.

The switch to PDF on stock spams means many content based filters are
still catching up. This is another indication of the weakness of content
filters to my mind.

The greeting card spams are also a recent side effect of new Windows
malware (search for "storm"). Again something that some content filters
are struggling with, others considered all such greeting card stuff
rubbish even before they started appearing with only IP addresses for
the links.

The only clearly growing problem I see is form submission bots. i.e.
malware that submits forms. At work we have gone from this being a minor
and occasional irritation to thousands of submissions a day every day in
the last few weeks and months.

Again clearly a retasking of spam bots. The sites promoted by these form
submission bots are ALL (!) hosted on compromised web servers -- making
me believe this is all the work of one spam group. There are only about
3 or 4 compromises that have become apparent, one in phpBB2, one in
Lotus Notes, and one is some weird Windows webserver I'd never even
heard of before.

Amazing how much grief two groups of spammers, and some compromised
computers can create.

 Simon

PS: If you /dev/null email, you are filtering it wrong. We reject well
over 99% of all incoming SMTP connections, without going anywhere near
/dev/null.

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html