Test Center ThreatWatch: Oct 8
Spam Watch: 10/5-10/7
Yesterday's total mail volume declined slightly from Monday, which was a little surprising as the Test Center expected to see high volumes this week. According to MX Logic's Threat Center, spam and blocked mail volumes were around 82 percent, with very low virus activity.
eSoft's Threat Center currently reports the threat level as elevated, but not yet high, which has been the case for the past few weeks.
Troj/Agent-HUH remains the most common trojan, with a lot of activity from Germany, the Netherlands, and the United Kingdom. Spam seemed to stay close to home yesterday, with most active relays located in the US. We haven't seen the polymorphic file-infecting virus W32/Sality-AM flagged by Sophos Labs yet.
Foreign-language spam has made a resurgence in recent days, along with more headlines related to the U.S. presidential elections. Other common scams making the rounds are related to making money -- such as participating in some kind of an import/export business, or receiving a percentage of some money being transferred.
Attack Watch: 10/8
Perhaps Optimum Online has cracked down on that rogue IP address because there were no attempts yesterday or today, although a Road Runner IP (Time Warner) has taken its place. Around midnight, and again at 11 a.m. today, there were about 60 to 70 IIS Reset commands from a single NYC-based, residential Road Runner user. The commands were all sent within a minute.
There were several "ghost surf" attempts, which let users surf anonymously and encrypt their connections, from an IP address in China. The attempts led to several efforts to open up IIS proxies and reroute HTTP connections. We will be keeping an eye out for future ghosts.
Another IP address from China focused on the SQL Server installation.