[nsp-sec] A mystery - Where did the spam go?

Joel Rosenblatt joel at columbia.edu
Tue Feb 26 09:38:53 EST 2008


Interesting .. ours has been going on for over a year now .. mostly spam for various "enhancement" drugs

I've been looking into putting together a server just to parse through the bounced email headers and pull out the IP of the machine that sent the email in the first place - the trick is to do this without hosing our email system because the volume of these is so high.

I think it would be interesting to correlate these with other sites receiving the same - my guess is that they are originating from a single BOT network.

If I get this project going, would you mind if I ping you?

Thanks,
Joel

--On Tuesday, February 26, 2008 12:12 PM +0100 Borja Marcos <BORJAMAR at SARENET.ES> wrote:

>
> On Feb 25, 2008, at 5:52 PM, Joel Rosenblatt wrote:
>
>> I may have mentioned this before, but we typically get between 2 and
>> 3 million bounce messages a day to jra54449 at cs.columbia.edu - an ID
>> that has never existed at Columbia.
>>
>> Over the last 20 days, the number of messages went from 2 million+
>> down to 13,354 and then back up to 1.1 million.
>
> Something similar going on with spoofed "@ghsa.com" messages. We were receiving around 2.5 million bounces a day.
>
>
>
>
> Borja.
>



Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
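
The header parsing described in the message above, as an added example that is not part of the original post: it reads one bounce at a time, finds the returned original message, and takes the IP from its topmost Received line. It assumes the bouncing site attaches the original as a `message/rfc822` part; `origin_ip`, `tally` and `SAMPLE_BOUNCE` are hypothetical names, and the sample bounce is constructed.

```python
import email
import ipaddress
import re
from collections import Counter
from email import policy

# Constructed sample bounce; hosts and IPs are documentation values.
SAMPLE_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: text/plain

User unknown.
--B
Content-Type: message/rfc822

Received: from mail.example.org (unknown [203.0.113.45])
\tby mx.example.net (Postfix); Tue, 26 Feb 2008 09:00:00 -0500
Received: from forged.example.com ([198.51.100.7]) by mail.example.org
From: nobody@example.edu

body
--B--
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def origin_ip(raw_bounce):
    """Return the IP that handed the original mail to the bouncing site, or None."""
    msg = email.message_from_bytes(raw_bounce, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() != "message/rfc822":
            continue
        # Only the topmost Received line was written by the bouncing MTA;
        # lines below it were supplied by the sender and may be forged.
        received = part.get_payload(0).get_all("Received") or []
        match = BRACKETED_IP.search(str(received[0])) if received else None
        try:
            return str(ipaddress.ip_address(match.group(1))) if match else None
        except ValueError:
            return None
    return None

def tally(bounces):
    """Count origin IPs over an iterable of raw bounces, one message at a time."""
    return Counter(ip for ip in map(origin_ip, bounces) if ip)
```

Because `tally` accepts any iterable, it can be fed from a generator over a spool directory or mbox copy on a separate host, so memory use stays at one message regardless of volume.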



