We blocked these senders with a fantastic 550. The source IP addresses are dynamically allocated, hence we think they are coming from exploited computers located mainly in China, Korea and Taiwan.
Senders
* aaaaa@yahoo.com.tw
* z2007tw@yahoo.com.tw
Sample SMTP requests
[220.149.240.9][32496380] rsp: 220 mail.elohkcalb.com
[220.149.240.9][32496380] connected at 6/24/2010 6:31:44 PM
[220.149.240.9][32496380] cmd: EHLO aaaaaa.com
[220.149.240.9][32496380] rsp: 250-mail.elohkcalb.com Hello [220.149.240.9] 250-SIZE 31457280 250-AUTH LOGIN CRAM-MD5 250 OK
[220.149.240.9][32496380] cmd: MAIL FROM:aaaaa@yahoo.com.tw SIZE=2679
[220.149.240.9][32496380] rsp: 550 Sender is not allowed.
[220.149.240.9][32496380] disconnected at 6/24/2010 6:31:45 PM
[114.45.53.25][47409299] rsp: 220 mail.elohkcalb.com
[114.45.53.25][47409299] connected at 6/25/2010 8:34:45 AM
[114.45.53.25][47409299] cmd: HELO 114.45.53.25
[114.45.53.25][47409299] rsp: 250 mail.elohkcalb.com Hello [114.45.53.25]
[114.45.53.25][47409299] cmd: MAIL FROM: z2007tw@yahoo.com.tw
[114.45.53.25][47409299] rsp: 550 Sender is not allowed.
[114.45.53.25][47409299] disconnected at 6/25/2010 8:34:45 AM
Friday, June 25, 2010
Thursday, June 24, 2010
Bulletproof Data Center
To all network, firewall & server administrators,
You might want to block the entire class C from 205.209.161.0 to 205.209.161.255. MSG is famous for supporting scam and spam related abusers, and we are constantly getting unauthorized SMTP requests from these IPs.
Sample SMTP request
[205.209.161.186][2955580] rsp: 220 mail.elohkcalb.com
[205.209.161.186][2955580] connected at 6/14/2010 7:01:35 PM
[205.209.161.186][2955580] cmd: HELO 205.209.161.186
[205.209.161.186][2955580] rsp: 250 mail.elohkcalb.com Hello [205.209.161.186]
[205.209.161.186][2955580] cmd: MAIL FROM: 88@163.com
[205.209.161.186][2955580] rsp: 250 OK 88@163.com Sender ok
[205.209.161.186][2955580] cmd: RCPT TO: victim@yahoo.com.tw
[205.209.161.186][2955580] rsp: 550 victim@yahoo.com.tw No such user here
[205.209.161.186][2955580] disconnected at 6/14/2010 7:01:41 PM
References
http://www.robtex.com/cnet/205.209.161.html
http://www.google.com.sg/search?hl=en&source=hp&q=managed+solutions+group+spam&aq=f&aqi=&aql=&oq=&gs_rfai
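An added example (not from the original posts): a parser for the `[ip][session] cmd:/rsp:` log format shown in the samples above that lists sessions ending in a 5xx reply and reports a /24 as a block candidate only when several distinct hosts in it were rejected. The sample lines are constructed with documentation address ranges, and the `min_hosts` threshold is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Log line shape used in the samples above: [client-ip][session-id] kind: text
LINE_RE = re.compile(
    r"^\[(?P<ip>[0-9.]+)\]\[(?P<sid>\d+)\] (?P<kind>cmd|rsp): (?P<text>.*)$")

# Constructed sample lines (documentation address ranges, not real senders).
SAMPLE_LOG = """\
[203.0.113.9][1001] rsp: 220 mail.example.test
[203.0.113.9][1001] connected at 6/24/2010 6:31:44 PM
[203.0.113.9][1001] cmd: HELO 203.0.113.9
[203.0.113.9][1001] rsp: 250 mail.example.test Hello [203.0.113.9]
[203.0.113.9][1001] cmd: MAIL FROM: a@example.test
[203.0.113.9][1001] rsp: 550 Sender is not allowed.
[203.0.113.186][1002] cmd: RCPT TO: nobody@example.test
[203.0.113.186][1002] rsp: 550 nobody@example.test No such user here
[203.0.113.77][1003] cmd: MAIL FROM: b@example.test
[203.0.113.77][1003] rsp: 550 Sender is not allowed.
[198.51.100.4][1004] cmd: MAIL FROM: c@example.test
[198.51.100.4][1004] rsp: 250 OK c@example.test Sender ok
[198.51.100.4][1004] cmd: RCPT TO: d@example.test
[198.51.100.4][1004] rsp: 550 d@example.test No such user here
"""

def rejected_sessions(log_text):
    """Return {(ip, session_id): last command that drew a 5xx reply}."""
    last_cmd, rejected = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # connected/disconnected lines carry no SMTP verb
        key = (m["ip"], m["sid"])
        if m["kind"] == "cmd":
            last_cmd[key] = m["text"]
        elif re.match(r"5\d\d\b", m["text"]) and key in last_cmd:
            rejected[key] = last_cmd[key]
    return rejected

def block_candidates(log_text, min_hosts=3):
    """Return /24 networks rejected from at least min_hosts distinct IPs."""
    hosts = defaultdict(set)
    for ip, _sid in rejected_sessions(log_text):
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        hosts[net].add(ip)
    return sorted(str(n) for n, ips in hosts.items() if len(ips) >= min_hosts)
```

Requiring several distinct hosts before proposing a whole /24 keeps a single rejected address from blocking 255 unrelated neighbours.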
Send us $5K and we will buy the phone.
From
+65 90169696
Content
<ADV> Purchase any LG Cookie phone frm now till 25 Jul @ any mobile store & get to win LED TV & notebook weekly. Fwd to share with friends. Reply UNSUB to unsub
Sent
24-Jun-2010 16:12
Saturday, June 19, 2010
Can we cook the voucher with curry?
From
LOfficiel
Content
SPEND, VOTE for your Fav Fashion Showcase & WIN $2k Palais gift vouchers. Feast your eyes on L'Officiel showcases, now till 30 June- Only at Palais Renaissance!
Sent
19-Jun-2010 12:32
Note
This SMS violated the Singapore Spam Control Act 2007.
Thursday, June 17, 2010
FREE Designer 2GB Leather Flashdrive
From
SubtleSense
Content
FREE Designer 2GB Leather Flashdrive for 1st 88 to redeem a FACE SPA/BODY SPA (UP$188) @ $18 this Great S'pore Sale! Call 62206656 by 30 Jun. T&Cs.
Sent
17-Jun-2010 16:47
Note
This SMS violated the Singapore Spam Control Act 2007.
For Sale: Newton Suites
From
+6581886427
Content
<ADV>For Sale: Newton Suites. Award Winning Condo. 3 Bed 1238sqf. Ask $1850psf. Gd Corp Tenancy @$6.9k. Call Jayrome 91912368. Reply UN to unsub. http://www.spd.sg/
Sent
17-Jun-2010 15:52