Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

How you can help; Strange Spam Update; port 3001 update

Published: 2005-07-24
Last Updated: 2005-07-24 22:51:36 UTC
by Erik Fichtner (Version: 1)
0 comment(s)

"How can I help?"



Here at the ISC, we occasionally get a note from a reader wanting to know how
they can do something to help out around the place. While we typically point
them in the direction of DShield < http://www.dshield.org/howto.php > and
remind them that the ISC thrives on reader submitted activity and reports;
There is a new thing that you, the reader, can do to help out, if you're so inclined.
The BleedingSnort folks have a new "Spyware Listening Post" project they're
working on, and they have put out a call for volunteers.
< http://www.bleedingsnort.com/article.php?story=20050724144916974 >
Granted, this isn't ISC related, but it's a neat little project, and definitely provides
a good starting point for all those readers who want to write the next "Follow The
Bouncing Malware" series but don't quite know where to start, or those who just
want to get a better handle on what's going on in the netherworld of spammers,
botnets, con-artists, and marketers.

"Strange Spam" update



It appears that the weird "1.txt" spams people are getting are being sent from
systems compromised with one of the Bagel trojans; or so we hear from several
of our readers.

Source port 3001 update


Reader Jason L. writes in about a tool he's been tracking for a while now that
spoofs scans from unused IP addresses with source port 3001 and TCP ID 26127.
Anyone have an idea what tool this is? If so, we'd love to hear about it over
in our shiny new discussion forum! < http://forum.dshield.org/list.php?3 >
Keywords:
0 comment(s)
Diary Archives