[feedback-report] Abuse Report with no Spam
Marc Perkel
marc at perkel.com
Thu Jul 12 19:56:44 PDT 2007
OK - Here's a question about abuse reports that don't fit the specs.
I'm now generating this report to report viruses. I'm able to detect the
presence of viruses without actually receiving the email based only on
the behavior of the virus. What I'm doing is every 6 hours I'm sending a
list of infected computers to abuse. This is the form I'm using now. How
would something like this fit into an ARF model?
=========
This is an automated email courtesy report from the folks at junkemailfilter.com to alert you about computers on your system that are exhibiting behavior that suggests they are likely to be infected with a computer virus.
You might want to consider creating an automated script to block port 25 on the IP addresses listed here. We hope this information will help you in determining the source of the problem and shut it down.
If you have any questions or feedback about this virus report or are interested in learning about our spam filtering technology feel free to contact us. If this is a false positive please accept our apologies and let us know so we can fix the problem.
Marc Perkel - Fearless Leader
Junk Email Filter dot com
http://www.junkemailfilter.com
support at junkemailfilter.com
A total of 43 IP addresses were caught in the last 6 hours. Here is the list:
==== IP LIST BEGIN ====
===== IP LIST END =====
You might be wondering how we can detect virus infected computers without actually receiving spam from them. The way these computers were caught is that they continually attempted to connect to high numbered fake MX records when low numbered real MX servers were available. Only spammers and virus infected spam bots try to go in the back door first when the front door is open. The IP addresses listed here exhibited that kind of behavior.
The above list of IP addresses has been blacklisted on our DNS blacklist at hostkarma.junkemailfilter.com. The listing will automatically clear 3 days after the virus activity stops. For more information about our DNS Black/White/Yellow lists please visit http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
This virus reporting system is still experimental. We hope you will find this information useful. Working together we can beat the spammers. If you have any feedback we would like to hear from you.
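The behavioral check the report describes (repeated connections to the high-numbered fake MX with no attempt on a real MX), sketched as an added example that is not part of the original post or junkemailfilter.com's code. The hostnames, log format, and the `min_hits` threshold standing in for "continually" are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed MX layout (hypothetical hostnames): low preference = real servers,
# highest preference = fake MX that never accepts mail.
MX_PREFERENCE = {"mx1.example.org": 10, "mx2.example.org": 20, "trap.example.org": 90}
DECOY = max(MX_PREFERENCE, key=MX_PREFERENCE.get)

# Constructed sample log: "<ISO timestamp> <source IP> <MX host contacted>"
SAMPLE_LOG = """\
2007-07-12T12:00:05 192.0.2.10 trap.example.org
2007-07-12T12:20:41 192.0.2.10 trap.example.org
2007-07-12T13:02:17 192.0.2.10 trap.example.org
2007-07-12T12:01:00 198.51.100.7 mx1.example.org
2007-07-12T12:01:30 198.51.100.7 trap.example.org
2007-07-12T12:05:00 203.0.113.5 trap.example.org
2007-07-12T15:00:00 203.0.113.9 mx2.example.org
"""

def find_backdoor_first(log_text, window_end, window=timedelta(hours=6), min_hits=3):
    """Return sorted IPs that hit only the fake MX, at least min_hits times, in the window."""
    window_start = window_end - window
    decoy_hits = defaultdict(int)
    tried_real = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in MX_PREFERENCE:
            continue  # skip malformed lines and hosts we do not publish
        ts, ip, host = parts
        when = datetime.fromisoformat(ts)
        if not (window_start <= when <= window_end):
            continue
        if host == DECOY:
            decoy_hits[ip] += 1
        else:
            # A sender that tried a real MX and then fell back is normal behaviour.
            tried_real.add(ip)
    return sorted(ip for ip, n in decoy_hits.items()
                  if n >= min_hits and ip not in tried_real)

if __name__ == "__main__":
    for ip in find_backdoor_first(SAMPLE_LOG, datetime(2007, 7, 12, 18, 0, 0)):
        print(ip)
```

The 6-hour default window matches the reporting interval mentioned in the message; a sender seen on a real MX anywhere in the window is excluded, which keeps ordinary MX fallback out of the report.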