Archive for the ‘spam’ Category.

Reverse-Proxy Spam Trojan – Migmaf

Joe Stewart (LURHQ):
Migmaf Reverse-Proxy Spam Trojan

In late June 2003, spam-fighters from the Usenet group noticed a particular spammer seemed to be able to move his websites around at will, minute-by-minute. This activity was also pointed out in an article by Richard M. Smith of

It appeared at first that the spammer had managed to infect thousands of systems with a small webserver trojan – rotating them in and out of the DNS for the domain names he owned every 10 minutes. It made it nearly impossible for ISPs to track and shut down, as the IP addresses were largely owned by dialup users, so ISPs would be fighting a constant battle to keep track of all the reports.

The sites being advertised in the emails were generally Russian porn sites, and Richard Smith pointed out the same servers were involved in a Paypal scam email he had seen.

LURHQ was able to obtain a copy of the trojan – detected from suspicious activity originating from a VPN user on a firewall on a network we monitor. What we found was the trojan was not a webserver at all, but instead: a reverse proxy server. Instead of hosting the content on the victim’s computer, the spammer instead maintained a “master” webserver. We have dubbed this trojan “Migmaf”.

Field Guide to Spam

Dumping SMTP: transport and identity are not the issues; spontaneous association is the issue

Eric Rescorla rebuts the arguments for giving up on SMTP: Should we dump SMTP?:

The movement to ditch SMTP strikes me as more of a howl of frustration at our collective inability to deal with spam than an actual reasoned argument for change.

[Via Ed Felten: Email Redesign Not Helpful]

The big design issue is not transport security or authentication. It is whether spontaneous association is a desired feature, and how such associations are managed or controlled. Since most mailboxes do want to be found (that’s why people publish email addresses in directories and on web pages), re-doing SMTP might yield fresh transport and identity protocols (already available as succinctly described by Rescorla), but would be just as vulnerable to spam, unless something is done to improve association management and its hooks to content filtering. And, while it is interesting to describe a new world in which I can only correspond with people to whom I have been introduced and with whom I maintain a web of credibility, there is a very important question:
Do people really want this, or do they only say they want this?

Bill Gates on Spam

Spam Wars

MIT Technology Review:
Spam Wars

Distributed Delivery of [Messenger] Spam

Shooting the messenger (dumping SMTP)

Lee Maguire: webslog – 2003-05-22

Justin Mason:
‘Shooting The Messenger’

Sobig.C virus exploits spam-friendly open proxies

ComputerWeekly: Sobig: spam, virus or both?

Seven NYT spam interviews

Trend Micro quarantines the letter P

CRN: Daily Archives:
Rule #915, released Tuesday, contained a routine that quarantined all incoming e-mail containing the letter P. Trend Micro discovered the bug soon after releasing Rule #915 and issued Rule #916 to fix it an hour and a half later.

The eManager product is unrelated to Trend Micro’s antivirus software or its Spam Prevention Service (SPS), which was released in March, the spokesman said.