Re: Re: [Full-disclosure] A Botted Fortune 500 a Day

["Fergie" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Nick FitzGerald <nick () virus-l demon co uk> wrote:

> Steven Adair wrote:
>
> > Also, as a side note, I would like to add that just because SPAM is
> > coming from a certain gateway does not necessarily mean that the
> > machines on
> > their network are infected.  ...
>
> Did you read any of their reports fully?
>
> They don't assume that.  They track the mail back "behind" the gateways 
and they know what forms of what spam are being sent through bot-nets 
because of other systems they run (honeypots, etc) and analysis they 
perform.
>

Indeed.

Also, our (Trend Micro) analysis shows that virtually all spam
these days is being sent by spambots.

The guys at Support Intelligence (Rick and Adam)have done their
homework.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGJVgcq1pz9mNUZTMRAjFHAKDenx2XP0pPphqwsUW9XymjQ7RU1ACghncX
mqzhB1nidD8GjCoMbSkF27s=
=zjJf
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.