
Test Center ThreatWatch: Sept. 12

By Samara Lynn, Fahmida Y. Rashid, CRN September 12, 2008

Editor's Note: The CRN Test Center provides analysis of data collected through our security test bed, including information coming into our spam filters and honeynet.

This week saw a surge in spam attacks through Thursday, with spammers attempting to spread lower-level viruses and targeting us from spam relays both in the U.S. and in Asia.

Spam Watch: Sept. 9 through Sept. 11

More viruses hit test bed mail servers on Sept. 11 than at any point this week. The total number of viruses hitting them more than tripled Thursday.

All in all, total spam and virus activity for Sept. 11 continued to drop as the week drew to a close. Thursday's total mail volume was 10 percent less than the week's peak volume received on Sept. 8 and Sept. 9. The mail breakdown stayed consistent, with about 86 percent of mail connections blocked by filters, usually due to bad IP addresses, and 13 percent identified as spam or some kind of malware.

There were fewer connections being blocked Thursday than at any point in the three-day period.

The most frequent viruses over the past three days were Trojan Agent-HNY, a low-level Trojan that seems to have made its first appearance this month, and Mal/EncPk-ES, a low-level malware that appeared in August. Trojan Agent-HQM, a low-level Trojan that installs itself in the registry, also made up a large part of the attacks.

The most common spam relay (the IP address that sent the spam) in the last 24 hours was located in Boston. The most active virus relay was located in China and appears on three known Real-Time Blocking Lists. The server blocked the most mail connections from Australia and Poland. These two relays also appear on four RBLs and are known threats.
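The RBL (DNS-based blocklist) check that the test bed's filters apply to each connecting relay works by reversing the relay's IPv4 octets, appending the blocklist zone, and asking DNS for an A record; a 127.0.0.0/8 answer means "listed", NXDOMAIN means "not listed". The following is an added illustration, not code from the CRN Test Center or any blocklist operator: the zone names are hypothetical (`.invalid` domains), the relay addresses come from the RFC 5737 documentation ranges, and the resolver is a constructed dictionary so the example runs offline.

```python
"""DNSBL lookup helper (added example; zones, IPs and DNS answers are constructed)."""
import ipaddress
from typing import Callable, List, Optional

# Hypothetical blocklist zones standing in for real RBLs; real zones are queried the same way.
DNSBL_ZONES = [
    "zone-a.dnsbl.invalid",
    "zone-b.dnsbl.invalid",
    "zone-c.dnsbl.invalid",
    "zone-d.dnsbl.invalid",
]

# A resolver takes a DNS name and returns the A record as a string, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: IPv4 octets in reverse order, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError for IPv6 or malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def is_listed_answer(answer: Optional[str]) -> bool:
    """Interpret a DNSBL response.

    Listed  -> an A record inside 127.0.0.0/8 (the low octets encode the reason).
    Not listed -> NXDOMAIN (None).
    Caveat: some zones signal query errors (blocked open resolver, query limit hit)
    with answers in 127.255.255.0/24; those must not be counted as listings.
    """
    if answer is None:
        return False
    try:
        a = ipaddress.IPv4Address(answer)
    except ValueError:
        return False
    if a in ipaddress.IPv4Network("127.255.255.0/24"):
        return False
    return a in ipaddress.IPv4Network("127.0.0.0/8")


def listed_zones(ip: str, zones: List[str], resolve: Resolver) -> List[str]:
    """Return the zones on which the relay IP is listed."""
    return [z for z in zones if is_listed_answer(resolve(dnsbl_query_name(ip, z)))]


def should_block(ip: str, zones: List[str], resolve: Resolver, threshold: int = 2) -> bool:
    """Connection-time policy: reject at SMTP when the relay appears on >= threshold lists.

    Requiring more than one listing limits the damage from a single mislisting.
    """
    return len(listed_zones(ip, zones, resolve)) >= threshold


# Constructed DNS answers (hypothetical; not real blocklist data).
FAKE_DNS = {
    # 203.0.113.45: listed on three of the four zones
    "45.113.0.203.zone-a.dnsbl.invalid": "127.0.0.2",
    "45.113.0.203.zone-b.dnsbl.invalid": "127.0.0.4",
    "45.113.0.203.zone-c.dnsbl.invalid": "127.0.0.2",
    # 198.51.100.7: one real listing plus one error-coded answer that must be ignored
    "7.100.51.198.zone-a.dnsbl.invalid": "127.0.0.2",
    "7.100.51.198.zone-d.dnsbl.invalid": "127.255.255.254",
    # 192.0.2.10: no entries at all (NXDOMAIN everywhere)
}


def fake_resolve(name: str) -> Optional[str]:
    """Offline stand-in for a DNS lookup."""
    return FAKE_DNS.get(name)


if __name__ == "__main__":
    for relay in ("203.0.113.45", "198.51.100.7", "192.0.2.10"):
        hits = listed_zones(relay, DNSBL_ZONES, fake_resolve)
        verdict = "block" if should_block(relay, DNSBL_ZONES, fake_resolve) else "allow"
        print(f"{relay}: listed on {len(hits)} zone(s) -> {verdict}")
```

In production the `resolve` callable would wrap a real DNS client; keeping it injectable is what makes the listing logic testable without network access, and the `127.255.255.0/24` exclusion is the check that most home-grown RBL filters forget.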

Attack Watch: Sept. 12

The test bed's unsecured trap network, running with a honeypot, detected mostly benign intrusion attempts. Most intrusion and sniffing attempts were carried out over ICMP and UDP ports. Intrusion attempts and spam attempts were made through the SMTP, SQL and Telnet ports.

Countries of origin for intrusion/spamming attempts on the test bed trap network included Spain (specifically Madrid) and Japan. Several intrusion attempts left us data that traced back, via IP address, to an organization called Asia Pacific Network Information Centre.

The majority of attempts examined Sept. 12 for the previous 24 hours do not seem to have been aimed so much at distributing malware as at sending spam. (One intruder has gained a reputation on various message boards as a known spammer; the domain information is 122.Red-81-35-83.dynamicIP.rima-tde.net.)
