SANS ISC: How you can help; Strange Spam Update; port 3001 update - SANS Internet Storm Center

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

"How can I help?"

Here at the ISC, we occasionally get a note from a reader wanting to know how
they can do something to help out around the place. While we typically point
them in the direction of DShield < http://www.dshield.org/howto.php > and
remind them that the ISC thrives on reader submitted activity and reports;
There is a new thing that you, the reader, can do to help out, if you're so inclined.
The BleedingSnort folks have a new "Spyware Listening Post" project they're
working on, and they have put out a call for volunteers.
< http://www.bleedingsnort.com/article.php?story=20050724144916974 >
Granted, this isn't ISC related, but it's a neat little project, and definitely provides
a good starting point for all those readers who want to write the next "Follow The
Bouncing Malware" series but don't quite know where to start, or those who just
want to get a better handle on what's going on in the netherworld of spammers,
botnets, con-artists, and marketers.

"Strange Spam" update

It appears that the weird "1.txt" spams people are getting are being sent from
systems compromised with one of the Bagel trojans; or so we hear from several
of our readers.

Source port 3001 update

Reader Jason L. writes in about a tool he's been tracking for a while now that
spoofs scans from unused IP addresses with source port 3001 and TCP ID 26127.
Anyone have an idea what tool this is? If so, we'd love to hear about it over
in our shiny new discussion forum! < http://forum.dshield.org/list.php?3 >