As the month nears its end, mail volumes declined steadily, especially over the weekend. Malicious mail - spam made up less than half the seven-day average for daily volumes.
Blocked connections hovered at about 88.5 percent and spam stayed at about 11 percent over the weekend, while total mail volumes declined 17 percent. Friday saw only 3.8 percent more total mail than Sunday.
Virus volumes went up again, with three times more viruses hitting the mail servers on Sunday than on Friday. New viruses made their appearance over the weekend -- Troj/DwnLdr-HIH, Troj/Doc-Zip, and Troj/Dloadr-BTP. Troj/Doc-Zip is a family of zip files that contain malware. They are sent in spam pretending to contain information in an attached document. The zip file containing the supposed document is often password protected.
China remains a source, with two virus relays. The other relays were located in Japan, France, and Russia.
The two spam relays from a California-based hosting provider with a data center in Mineola, N.Y., that we noticed mid-week last week continued to hit our servers over the three-day period.
The most active mail relay the filters blocked was based in Hungary and is listed in SPAMCOP, XBL, and CBL. Another active relay came from the Netherlands, appearing on XBL and CBL. A Herndon, Va., address (using the Road Runner service) hit the servers both on Friday and Sunday. It is also known, appearing on XBL, CBL, and SORBS.
AttackWatch Sept. 29
Presumably hostile scanning attempts made up much of the activity logged by the trap network over the weekend. Several TCP scans were conducted via SYN scan -- a port scanning method that never opens a full TCP connection. The benefit to the hacker is that this type of scanning is a bit faster than traditional TCP scan methods.
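A sensor can spot this pattern by looking for sources that send a SYN to many ports and never complete the handshake. The sketch below is an added example, not code from the trap network described here; the log format, the addresses and the `min_ports` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sensor log (not from the article):
# time, client ip:port, target port, TCP flags sent by the client.
SAMPLE_LOG = """\
0.01 203.0.113.5:40001 21 S
0.02 203.0.113.5:40002 22 S
0.02 203.0.113.5:40002 22 R
0.03 203.0.113.5:40003 80 S
0.03 203.0.113.5:40003 80 R
0.04 203.0.113.5:40004 1433 S
0.05 203.0.113.5:40005 3389 S
1.10 198.51.100.9:51000 80 S
1.11 198.51.100.9:51000 80 A
1.12 198.51.100.9:51000 80 PA
1.30 198.51.100.9:51000 80 FA
"""

def parse(log):
    """Yield (client_ip, client_port, target_port, flags) for each log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        _ts, client, dport, flags = line.split()
        ip, sport = client.rsplit(":", 1)
        yield ip, int(sport), int(dport), set(flags)

def find_syn_scanners(log, min_ports=4):
    """Return {client_ip: sorted ports probed with a SYN but never a completing ACK}."""
    flows = defaultdict(lambda: {"syn": False, "ack": False})
    for ip, sport, dport, flags in parse(log):
        state = flows[(ip, sport, dport)]
        if flags == {"S"}:
            state["syn"] = True
        elif "A" in flags and "R" not in flags:
            # An ACK after the SYN means the client finished the three-way handshake.
            state["ack"] = state["syn"] or state["ack"]
    half_open = defaultdict(set)
    for (ip, _sport, dport), state in flows.items():
        if state["syn"] and not state["ack"]:
            half_open[ip].add(dport)
    # Require several distinct ports so one failed connection is not flagged.
    return {ip: sorted(ports) for ip, ports in half_open.items() if len(ports) >= min_ports}

if __name__ == "__main__":
    print(find_syn_scanners(SAMPLE_LOG))
```

A scan that completes each connection is not caught by this check, because every one of its flows shows the final ACK.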
There were also a number of scans against the IIS proxy service reported; scans were logged as coming from the domain www.wantsfly.com -- which appears to be some kind of scanning bot originating out of mainland China.
In fact, there was lots of activity against the trap network by IP addresses that traced back to Asia. There were some brute force attempts to log into SQL Server as well as IIS intrusion attempts, thwarted by SSL security on IIS. Log files indicate ICMP echo requests coming from an address in Russia; hackers routinely use these requests to garner some information about a machine, usually the operating system type.
Some of the logged attacks are repeat offenders; once again there was continued scanning for a Symantec AntiVirus exploit, and the usual SMTP relay attempts from a Taiwanese IP address.
A few SQL server UDP worm attacks via Buenos Aires, Argentina were logged.
Interestingly, with the majority of these attacks over the weekend, most of the domain information of the intruders/visitors was not logged. In fact a number of IP addresses were not even traceable. Most previous attacks against the trap network had full visitor domain information listed, and the majority of IP address information was traceable.
