[nsp-sec] anomalies?

Tino Steward tsteward at us.ntt.net
Tue Dec 28 15:35:05 EST 2010


In checking abuse@ and security@ (here) email... the number of responses to my initial query is almost double the emails I've seen all day.... and yeah I heard of the "bad guy holiday," but who'd have thunk it'd be so.... traumatic? :/
tino


On Tue, Dec 28, 2010 at 02:47:43PM -0500, Joel Rosenblatt wrote:
> ----------- nsp-security Confidential --------
> 
> Looks like the numbers are down
> 
> 2009
> 
> 27 1,079,111 spam and other junk came from 186,666 unique IP addresses
> 28 1,219,738 spam and other junk came from 210,886 unique IP addresses
> 29 1,285,179 spam and other junk came from 226,609 unique IP addresses
> 30 1,285,490 spam and other junk came from 229,887 unique IP addresses
> 
> 2010
> 
> 26 877,205 spam and other junk came from 130,124 unique IP addresses
> 27 830,191 spam and other junk came from 107,872 unique IP addresses
> 28 827,000 spam and other junk came from 120,524 unique IP addresses
> 
> Joel
> 
> 
> --On Tuesday, December 28, 2010 7:38 PM +0000 David Freedman <david.freedman at uk.clara.net> wrote:
> 
> >Does anybody have graphs showing what the levels were like last year at this
> >time? Although this looks quite low, have nothing to compare against.
> >
> >Dave.
> >
> >
> >
> >On 28/12/2010 19:19, "Gilmore, Patrick" <patrick at akamai.com> wrote:
> >
> >>On Dec 28, 2010, at 12:55 PM, Joel Rosenblatt wrote:
> >>
> >>>Didn't you get the memo?  It's an official Bad Guy Holiday :-)
> >>>
> >>>Our spam numbers were down below 1 million .. it's a very slow day
> >>
> >>In all seriousness, I'm seeing reports of very low spam, viruses, trojan'ed
> >>attachments, etc. from several places.  For instance, a couple publicly
> >>available graphs:
> >>    <http://cbl.abuseat.org/totalflow.html>
> >>    <http://www.spamcop.net/spamgraph.shtml?spammonth>
> >>
> >>I have also seen multiple reports from multiple places that the Rustock botnet
> >>is either very slow or even completely down.
> >>
> >>This makes some people happy.  It worries others.  Are they just taking a
> >>holiday?  Or are they gearing up for something worse?
> >>
> >>Anyone have any intel?
> >
> >--
> >
> >David Freedman
> >Group Network Engineering
> >
> >david.freedman at uk.clara.net
> >Tel +44 (0) 20 7685 8000
> >
> >Claranet Group
> >21 Southampton Row
> >London - WC1B 5HA - UK
> >http://www.claranet.com
> >
> >_______________________________________________
> >nsp-security mailing list
> >nsp-security at puck.nether.net
> >https://puck.nether.net/mailman/listinfo/nsp-security
> >
> >Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> >community. Confidentiality is essential for effective Internet security counter-measures.
> >_______________________________________________
> >
> 
> 
> 
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
> Public PGP key
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
> 

-- 

Tino T. Steward SNA1 - Security & Abuse
tsteward at us.ntt.net
NTT Communications Global IP Network Operations Center
214-853-7344 (Ph.) / 214.800.7771 (Fax)