Test Center ThreatWatch: Sept. 19
Attack Watch: Sept. 19
The bulk of the activity in the Test Center's trap network over the past 24 hours was benign intrusion attempts. Most intrusion and sniffing attempts were carried out through ICMP and UDP ports. We continue to see a handful of SQL Server attacks, all from a known offender in China. The server IP address is associated with XuZhou Fengxin Technology.
The Test Center was testing a hacking tool to crack the password of a Yahoo email account created specifically for this purpose. At about the same time, there were some scans on port 25 from a server at Yahoo.
Spam Watch: Sept. 16 to Sept. 18
Virus activity remained higher than usual, but not to the levels seen during Wednesday's outbreak. Total virus volume dropped back down to 0.4 percent of total mail volume, but there were 1.5 times more viruses yesterday than there were on Monday, the most active day before the outbreak.
The most common virus was Trojan Agent-HRF, followed by Trojan Agent-HNY.
Another common attack came with an email attachment, ecard.exe. The executable is actually Trojan Agent-HRI.
The bulk of blocked connections came from a known IP relay in China.
For the business week ending Sept. 19, we noticed a definite spike in virus attacks at our mail servers from mid-to-late week, behavior that may warrant watching for repeats in the near term. In addition, the Test Center's trap networks saw scattered password-hacking attempts aimed at our SQL Server database from a variety of different geographies.
But what we didn't see may force us to take a closer look in the coming weeks as well. Specifically, we haven't seen the hurricane- or disaster-related mail that we've seen in past years during hurricane season. In the past, this week's financial turmoil on Wall Street would have brought a significant amount of headline-related or financial-related phishing attempts and spam, but it was almost non-existent this week.
This may signal a change in tactics or behavior among spammers and bad guys, or perhaps they're sitting in wait for bigger headlines as we draw closer to the U.S. presidential election. We'll know soon enough.