All your base are belong to us

Ripwave

I recently came across SenderBase, which lists sources of smtp traffic.

If I'm reading it right there's a fair number of eircom DSL addresses that seem to be sending out large amounts of mail. And most of them are probably "spam zombies" that were infected with viruses that not only propagate the virus, but also allows the machine to be used as a source of spam.

SantaHoe

Hmmm actually I did encounter a problem sending email from my eircom email account to an oceanfree address, I got a return mail spouting something to the effect of - we don't like your server because spam-cop has sh*t-listed it, etc etc.

(Using IOL BB and Web-based email)

Hugh_C

It's probably due to people setting (or trying to set) up mailservers and leaving them as open relays for spammers to do as they wish...

melachi

Originally posted by hughchal
It's probably due to people setting (or trying to set) up mailservers and leaving them as open relays for spammers to do as they wish...

No, I had one of those spam worm things.
Had it removed though, my pings were up in the thousands while it was running and I couldn't browse any pages.

Mutant_Fruit

i caught one before after i had just done a fresh install of windows and forgot to install firewall before i put the internet on.

The giveaway was my connecting was maxed out up and down while i was doing nothing.

Xcellor

Originally posted by Mutant_Fruit
i caught one before after i had just done a fresh install of windows and forgot to install firewall before i put the internet on.

The giveaway was my connecting was maxed out up and down while i was doing nothing.

Are you saying that just because you didnt have a firewall someone was able to log onto an open port on your computer.. Upload a virus and then execute it? Wow that is some achievement.

Or do you mean you downloaded a bogus program which evaded your virus protectio and because you didn't have a firewall installed was taking full advantage of broadband speed to distribute itself?

I had a dose of the Parite virus the other day... I disabled my antivirus protection (because I was looking through folders with .exe that were above 600 mbs... scanner was slowing machine to a halt) and well some how I managed to install the Parite virus which then proceeded to infect every single exe on my entire machine... How my virus protection didn't pick it up previously I don't know... however... Thankfully did not lasting damage and doesn't propogate itself via email only shared LAN directories.

I have to question the purpose of such viruses... I mean what purpose do they have if they don't even damage your system... (of course it took about 4 hours to disinfect every .EXE file... and it added on about 300kb+ to all exe thus reducing the size of space on hard drive). They are just annoyance viruses....

What do virus writers get out of it? If they say, "Hey look at me, I made a cool virus" they are hunted down by FBI (or equivelant organisation) and jailed... The logic of some escapes my understanding.

X

Ripwave

Originally posted by Xcellor
Are you saying that just because you didnt have a firewall someone was able to log onto an open port on your computer.. Upload a virus and then execute it? Wow that is some achievement.

Ya think? Do a google search for "msblaster"

MrPinK

Originally posted by Xcellor
Are you saying that just because you didnt have a firewall someone was able to log onto an open port on your computer.. Upload a virus and then execute it?

Not someone, the virus itself. Although the fact that replicates and propagates by itself makes it a worm and not a virus.

OfflerCrocGod

You know whats even worse!!! - look at the front page it shows the worse offenders someone should get onto Yahoo, Comcast, Aol and Hotmail and tell them that they are generating massive numbers of e-mails:eek:, no doubt they will be shocked. Messing apart:) there are one or two VERY suspicious IPs which are more then likely Bots; but most of the top ones are legitimate mail servers, doesn't mean the mails they send are nothing but crap though :rolleyes:.

Ripwave

Originally posted by OfflerCrocGod
Messing apart:) there are one or two VERY suspicious IPs which are more then likely Bots; but most of the top ones are legitimate mail servers, doesn't mean the mails they send are nothing but crap though :rolleyes:.

Obviously the ones called "mail0x.svc.cra.dublin.eircom.net" are legitmate mail servers. But if the "Daily Magnitude" on a Sunday is higher than the "Monthly Magnitude", it's extremely unlikely that the other addresses are the addresses of commercial mail servers. (That and the fact that anyone actually using an eircom connnection for commercial e-mail purposes will probably have a fixed IP address, and it will resolve to to their name, not an eircom DHCP name).