ietf-asrg

Re: [Asrg] Re: 2.a. Analysis - Honeypot!

2003-09-22 06:15:46
On 2003-09-22 10:40:53 +0200, Jose Marcio Martins da Cruz wrote:
> Less than four hours later, we began to receive spam on the honeypot.
>
> Now, there are 2067 messages inside. I've just looked at it and I noted
> that there are two kinds of messages in it: spam and viruses. I've not
> really counted, but it seems to me that 1/4 or something like that are
> viruses. Amusing! What does this mean?

Some Viruses and Worms scan pages in the browser cache for email
addresses. So they would find your honeypot address if somebody who
happens to be infected views your page.


> Also, if I compare, for some time period, which gateways are sending
> spam to us and which gateways are sending viruses to us, the intersection
> is always not empty, but has many common entries (sometimes more than
> half of one set)...

Two possible explanations:

1) People who are infected by viruses and worms are careless. Thus, they
are much more likely to install proxies, mail-relays, formmailers and
other programs without considering the consequences or even bothering to
configure them correctly.

2) Some viruses install trojans which act as open proxies.

        hp

-- 
   _  | Peter J. Holzer    | We have failed our own creation and given
|_|_) | Sysadmin WSR       | birth something truly awful. We're just too
| |   | hjp(_at_)hjp(_dot_)at         | busy cooing over the pram to notice.
__/   | http://www.hjp.at/ |       -- http://www.internetisshit.org
