ietf-asrg

Re: [Asrg] An Anti-Spam Heuristic

2012-12-14 21:15:54
On 12-12-13 11:39 PM, Chris Lewis wrote:

> I'll have to try this on a few other bots, bigger traps and different
> delays.

As an FYI, I tried it again.

It looks like Kelihos and Festi are also stopped dead in their tracks by
a 30 second banner delay.

That means that all of the currently high-volume spambots, except
Cutwail and Darkmailer (usually Linux), are stopped by a 30 second delay.

Kelihos is alternately spewing HUGE quantities of viral infectors and
Toronto Pharmacy pillz spam.

Festi is trying to spew huge quantities of Canadian Pharmacy Pillz spam.

There are many versions of Cutwail in the field, under the control of at
least a dozen different operators. It's quite possible that a 30 second
delay impairs some of them and longer delays will impair yet more.
OTOH, Cutwail has multiple operating modes (including AUTH cracking)
which wouldn't be impacted by banner delays.

It looks like the darkmailerish code I have has 60 second timeouts.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
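
The banner delay measured in the message above, as an added example that is not part of the original post: a loopback SMTP listener that withholds its 220 greeting and records whether each client waits or hangs up first. The hostnames, the `SCALE` speed-up and the 10-second client are constructed for the demo; the 30-second delay and the 60-second client timeout are the figures from the post.

```python
import asyncio

SCALE = 1 / 60  # demo clock runs 60x fast: the 30 s delay becomes 0.5 s

async def hold_banner(reader, writer, delay, host="mx.example.test"):
    """Withhold the 220 greeting for `delay` seconds and classify the client."""
    try:
        early = await asyncio.wait_for(reader.read(512), timeout=delay)
    except asyncio.TimeoutError:
        early = None                      # client stayed silent for the full delay
    except ConnectionError:
        early = b""                       # a reset also means the client left
    if early is None:
        writer.write(f"220 {host} ESMTP\r\n".encode())
        outcome = "waited"
    else:                                 # EOF, or bytes sent before any greeting
        outcome = "gave_up" if early == b"" else "spoke_early"
    writer.close()
    return outcome

async def probe(port, timeout):
    """Constructed client: waits `timeout` seconds for a banner, then hangs up."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    try:
        await asyncio.wait_for(reader.readline(), timeout=timeout)
    except asyncio.TimeoutError:
        pass
    writer.close()

async def demo(delay_s, clients):
    results = asyncio.Queue()
    async def handler(reader, writer):
        await results.put(await hold_banner(reader, writer, delay_s * SCALE))
    server = await asyncio.start_server(handler, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    outcomes = {}
    async with server:
        for name, timeout_s in clients.items():
            await probe(port, timeout_s * SCALE)
            outcomes[name] = await results.get()
    return outcomes

def run(delay_s=30):
    # Client banner timeouts in seconds: 10 is constructed, 60 is from the post.
    clients = {"timeout_10s": 10, "timeout_60s": 60}
    return asyncio.run(demo(delay_s, clients))

if __name__ == "__main__":
    print(run())
```

Counting `gave_up` outcomes per delay value on a trap gives the kind of comparison across different delays that the post proposes.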