On 2003-09-22 10:40:53 +0200, Jose Marcio Martins da Cruz wrote: > Less than four hours later, we begun to receive spam on the honeypot. > > Now, there are 2067 messages inside. I've just looked to it and I noted > that there are two kind of messages in : spams and virus. I've not > really counted, but it seems to me that 1/4 or something like that are > virus. Amusing ! What does this means ? Some Viruses and Worms scan pages in the browser cache for email adresses. So they would find your honeypot adress if somebody who happens to be infected views your page. > Also, if I compare, for some time period, which gateways are sending > spam to and and which gateways are sending virus to us, the intersection > is allways not empty, but has many common entries (sometimes more than > half one set)... Two possible explanations: 1) People who are infected by viruses and worms are careless. Thus, they are much more likely to install proxies, mail-relays, formmailers and other programs without considering the consequences or even bothering to configure them correctly. 2) Some viruses install trojans which act as open proxies. hp -- _ | Peter J. Holzer | We have failed our own creation and given |_|_) | Sysadmin WSR | birth something truly awful. We're just too | | | hjp@hjp.at | busy cooing over the pram to notice. __/ | http://www.hjp.at/ | -- http://www.internetisshit.org
Attachment:
pgp00099.pgp
Description: PGP signature