Test Center ThreatWatch: Sept. 26

Spam Watch 9/23 - 9/25

Spam activity spiked again yesterday, hitting the levels seen on Monday after declining all week. Everything was up on Thursday: more blocked connections than at any point during the week -- more spam, more viruses, more unknown mail.

However, the increase in spam meant mail breakdowns were entirely off from average or recent patterns. Instead of being in the high-80-percent range, blocked mail made up only 79 percent. Spam surged to 20 percent -- the bulk of the increase is in the "high" category -- the messages the filters could tell easily that they were spam.

Looking at subject lines, it's clear that the U.S. Presidential Elections are only 38 days away. Spammers are interested in the election, too! Interestingly, Palin seems to be garnering the most attention, over the actual presidential candidates.

Attack Watch 9/25-9/26

The beginning of the week saw lots of activity logged by the honeypot, compared to the relative quiet of early Friday.

Some scanning activity was logged on the SSH port, with the visitor IP address tracing to Brazil. Logfiles also show five SQL server hacking attempts from the usual Beijing, China IP address. There was another attempt from a server in China try to relay pop up messages ads for www.regfixit.com, a known spyware site, via the MS Messenger service.

There were also several scans made for a Symantec Anti Virus exploit. The scanner was traced back to an IP address originating from a Canadian ISP.