Test Center Threat Watch: Nov 7

At the end of the presidential election fervor, spam volume was reported at a "medium" level. The spam filter did not show a marked increase in spam traffic in the days leading up to, or on, Election night. The only significant spam was a few messages from pageowners.com about ramping up Web traffic.

Threat Watch: 11/7

In the wake of news about malware circulating with Barack Obama as the subject, a close eye was kept on the trap network. Lots of activity was seen this week:

There was a noticeable increase in scans against ports usually reserved for remote access: Telnet port 23 and RAdmin port 4899. The scans are logged as coming from various places around the globe: Israel, Texas, Pakistan, France, Germany, Jamaica and China.

There were several attempts to relay SMTP mail to destination email addresses in China.

Scans looking for a Symantec AntiVirus exploit resumed this week. A lookup on the scanners' IP addresses shows that they appear to originate from within the United States and Beijing, and that these IP addresses are not behind any proxy servers.

We found something not seen before: a scan against a port used by the remote access application VNC, coming from Australia.