Post on 22-Apr-2015
Zombi Spam Revealed
October 2007
JaCkCast: Security Officers
JaCkSecurity © 2004 - 2007, Zombi Spam Revealed
Introduction
Much of the spam received every day does not come from legitimate servers.
Advertisers therefore have two options:
1. Use special bulk-mailing software through their own network.
   But that harms their own network. Or use the services of a third party who sends through their own DSL network, and who will also have to restart the DSL connection many times before the IP address is listed on a blacklist.
2. Hire the owner of a botnet.
Technique used
One way to show that a spam message was sent from a botnet is to reveal the source IP addresses in the mail headers.
A message that arrives from many different source IP addresses [belonging to different providers] is clear evidence that it is being sent by zombie PCs.
Each of those zombie PCs [capable of sending spam] is controlled by a botnet.
Example revealed
On 08/SEP/2007 we received several repeated spam messages.
Was it a mistake? Yes, a mistake that easily revealed the existence of several zombie PCs: zombie spam.
Perfectly crafted luxury timepieces
Received: from [85.140.6.21] (helo=ppp85-140-6-21.pppoe.mtu-net.ru) by victima-de-spam.com with esmtp (envelope-from <sylvia@uboc.com>) id 1ITwl1-0005T0-Hp for receiver@victima-de-spam.com; Sat, 08 Sep 2007 05:37:40 -0400
Received: from [85.140.6.21] by mpdnsa.uboc.com; Sat, 08 Sep 2007 09:37:45 +0000
Message-ID: <000801c7f1fb$05e52fd6$7e90148d@xmdem>
From: "jotham heesung" <sylvia@uboc.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 07:50:23 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F1FB.05E0EB14"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757

inetnum: 85.140.0.0 - 85.140.255.255
netname: MTU-PPPOE
descr: ZAO MTU-Intel
descr: Mamonovskij pereulok d.5
descr: 123001, Moscow
descr: Russia
country: RU
admin-c: MTU1-RIPE
tech-c: MTU1-RIPE
status: ASSIGNED PA
mnt-by: MTU-NOC
source: RIPE # Filtered

descr: ZAO MTU-Intel's Moscow Region Network
descr: ZAO MTU-Intel
descr: Moscow, Russia
origin: AS8359
remarks: Please send abuse reports to abuse@mtu.ru

08 Sep 2007 05:37:40 -0400
Germany, spam engine: 85.140.6.21
Received: from [83.97.240.164] (helo=cm-83-97-240-164.telecable.es) by victima-de-spam.com with esmtp (envelope-from <balkrish@tvheaven.com>) id 1ITwmd-0006Lo-9P for receiver@victima-de-spam.com; Sat, 08 Sep 2007 05:39:23 -0400
Received: from [83.97.240.164] by ns1.freeservers.com; Sat, 08 Sep 2007 09:39:55 +0000
Message-ID: <000801c7f1fc$0647c1bb$dd5706ad@jqbhf>
From: "brady ari" <balkrish@tvheaven.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 07:52:32 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F1FC.064267A5"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 83.97.219.0 - 83.97.255.255
netname: TELECABLE
descr: TELECABLE
country: ES

route: 83.97.128.0/17
descr: TeleCable
origin: AS12946
mnt-by: SPTA-MNT
source: RIPE # Filtered

08 Sep 2007 05:39:23 -0400
Spain, spam engine: 83.97.240.164
Received: from [88.238.124.19] (helo=dsl88.238-31763.ttnet.net.tr) by victima-de-spam.com with esmtp (envelope-from <weinrich@currentmail.com>) id 1ITwq0-0007gp-Vt for receiver@victima-de-spam.com; Sat, 08 Sep 2007 05:42:49 -0400
Received: from [88.238.124.19] by ns1.mcisi.net; Sat, 08 Sep 2007 09:42:46 +0000
Message-ID: <000701c7f1fc$0716cf2c$750ef591@boohaku>
From: "benoit havelock" <weinrich@currentmail.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 07:55:23 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F1FC.071232EF"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 88.238.0.0 - 88.238.255.255
netname: TurkTelekom
descr: TT ADSL-NEC dynamic_gay
country: tr

route: 88.238.0.0/17
descr: TurkTelecom
origin: AS9121
mnt-by: AS9121-MNT
source: RIPE # Filtered

08 Sep 2007 05:42:49 -0400
Turkey, spam engine: 88.238.124.19
Received: from [84.58.222.26] (helo=dslb-084-058-222-026.pools.arcor-ip.net) by victima-de-spam.com with esmtp (envelope-from <hwansoo@aas.com>) id 1ITxAc-0008WI-Mp for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:04:07 -0400
Received: from [84.58.222.26] by ns1.pb.com; Mon, 08 Sep 2003 10:03:28 +0000
Message-ID: <000601c375f0$071b35dc$fbb6b58c@nlyrtrt>
From: "benoit elizabet" <hwansoo@aas.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Mon, 08 Sep 2003 08:16:06 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0003_01C375F0.0717F0D7"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 84.57.113.0 - 84.59.159.255
netname: ARCOR-DSL-NET13
descr: ARCOR AG
descr: Alfred-Herrhausen-Allee 1
descr: D-65760 Eschborn
country: DE

route: 84.58.0.0/16
descr: ARCOR-IP
origin: AS3209
mnt-by: ARCOR-MNT
source: RIPE # Filtered

08 Sep 2007 06:04:07 -0400
Germany, spam engine: 84.58.222.26
Received: from [86.124.212.240] (helo=86-124-212-240.rdsnet.ro) by victima-de-spam.com with esmtp (envelope-from <dustin@atomic.com>) id 1ITxEh-0002Kh-VI for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:08:20 -0400
Received: from [86.124.212.240] by dns2.site5.com; Sat, 08 Sep 2007 10:08:21 +0000
Message-ID: <000701c7f200$0399b4b5$0da7329c@tkmibnad>
From: "abdullah gwen" <dustin@atomic.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:20:58 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F200.0395A8F6"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 86.124.212.0 - 86.124.212.255
netname: RO-RDS-FTTX-Craiova
descr: Romania Data Systems
descr: FTTX Customers - Craiova
country: RO

role: Romania Data Systems NOC
address: 71-75 Dr. Staicovici
address: Bucharest / ROMANIA

route: 86.120.0.0/13
descr: RDSNET
origin: AS8708
mnt-by: AS8708-MNT
source: RIPE # Filtered

08 Sep 2007 06:08:20 -0400
Romania, spam engine: 86.124.212.240
Received: from [88.244.134.5] (helo=88.244.134.5) by victima-de-spam.com with esmtp (envelope-from <seunghyu@talk21.com>) id 1ITxOA-0006Kj-Jh for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:18:08 -0400
Received: from [88.244.134.5] by ns2.bt.net; Sat, 08 Sep 2007 10:17:49 +0000
Message-ID: <000801c7f201$03cbe73d$9d476487@bxwtrilj>
From: "garret elissa" <seunghyu@talk21.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:30:27 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F201.03CA8279"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 88.244.128.0 - 88.244.255.255
netname: TurkTelekom
descr: TT ADSL-alcatel dynamic_aci
country: tr

route: 88.244.128.0/17
descr: TurkTelecom
origin: AS9121
mnt-by: AS9121-MNT
source: RIPE # Filtered

08 Sep 2007 06:18:08 -0400
Turkey, spam engine: 88.244.134.5
Received: from [212.220.85.126] (helo=pppoe-0382.urtc.ru) by victima-de-spam.com with esmtp (envelope-from <thomas@galileo.com>) id 1ITxP4-0006M4-JW for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:19:03 -0400
Received: from [212.220.85.126] by cmtu.mt.ns.els-gms.att.net; Sat, 08 Sep 2007 10:18:49 +0000
Message-ID: <000901c7f201$0204cfdf$d1e6a7b0@dytbswp>
From: "jeffrey hong-sup" <thomas@galileo.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:31:26 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C7F201.02009F24"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 212.220.84.0 - 212.220.85.255
netname: BOOKS10K
descr: JSC "10000 books"
descr: Ekaterinburg, Lenina st. 49
descr: Russia
country: RU

route: 212.220.64.0/18
descr: Provider Block for ru.etel
origin: AS6828
mnt-by: MFIST-MNT
source: RIPE # Filtered

08 Sep 2007 06:19:03 -0400
Russia, spam engine: 212.220.85.126
Received: from [90.6.3.153] (helo=ADijon-258-1-20-153.w90-6.abo.wanadoo.fr) by victima-de-spam.com with esmtp (envelope-from <jen@ashi.com>) id 1ITxRx-00074A-BB for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:22:01 -0400
Received: from [90.6.3.153] by eforwardct.name-services.com; Sat, 08 Sep 2007 10:36:13 +0000
Message-ID: <000901c7f204$0223ba87$abdc9688@meyraqfd>
From: "jakie gilman" <jen@ashi.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:48:50 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C7F204.021E11BC"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 90.6.3.0 - 90.6.3.255
netname: IP2000-ADSL-BAS
descr: BSDIJ258 Dijon Bloc 1
country: FR
remarks: postmaster@wanadoo.fr AND abuse@wanadoo.fr

route: 90.0.0.0/11
descr: France Telecom
origin: AS3215
mnt-by: RAIN-TRANSPAC
source: RIPE # Filtered

08 Sep 2007 06:22:01 -0400
France, spam engine: 90.6.3.153
Received: from [88.252.18.172] (helo=88.252.18.172) by victima-de-spam.com with esmtp (envelope-from <gustave@lamer.com>) id 1ITxV9-00080P-7B for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:25:22 -0400
Received: from [88.252.18.172] by ns2-auth.sprintlink.net; Sat, 08 Sep 2007 10:25:13 +0000
Message-ID: <000501c7f202$052b5614$a585dd86@lmpbypx>
From: "fraser janet" <gustave@lamer.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:37:50 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0002_01C7F202.05287B1C"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 88.252.0.0 - 88.252.127.255
netname: TurkTelekom
descr: TT ADSL-meteksan dynamic_ulus
country: tr
e-mail: abuse@ttnet.net.tr

route: 88.252.0.0/17
descr: TurkTelecom
origin: AS9121
mnt-by: AS9121-MNT
source: RIPE # Filtered

08 Sep 2007 06:25:22 -0400
Turkey, spam engine: 88.252.18.172
Received: from [89.20.148.196] (helo=89.20.148.196) by victima-de-spam.com with esmtp (envelope-from <ibrahim@tirol.com>) id 1ITxWB-00005E-5f for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:26:23 -0400
Received: from [89.20.148.196] by dns1.tirol.com; Sat, 08 Sep 2007 10:26:27 +0000
Message-ID: <000701c7f202$0678fe15$3d2f2d9c@gpwfjb>
From: "elden charlie" <ibrahim@tirol.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:39:04 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F202.06773157"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 89.20.144.0 - 89.20.151.255
netname: DEGUNINO
descr: ptp connections
country: RU
abuse-mailbox: abuse@ti.ru

route: 89.20.144.0/21
descr: TI route block
origin: AS34691
mnt-by: TI-MNT
source: RIPE # Filtered

08 Sep 2007 06:26:23 -0400
Russia, spam engine: 89.20.148.196
Received: from [83.29.164.47] (helo=bts47.neoplus.adsl.tpnet.pl) by victima-de-spam.com with esmtp (envelope-from <emrys@ml.com>) id 1ITxWd-00005p-IY for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:26:52 -0400
Received: from [83.29.164.47] by am2.ml.com; Sat, 08 Sep 2007 10:25:41 +0000
Message-ID: <000a01c7f202$01a167f1$3c400594@clpxrgq>
From: "artemis je" <emrys@ml.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:38:19 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C7F202.019D6900"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 83.29.0.0 - 83.29.255.255
netname: NEOSTRADA-ADSL
descr: Neostrada Plus
descr: Krakow
country: PL
remarks: abuse@tpnet.pl

remarks: Abuse and spam notification -> abuse@telekomunikacja.pl
address: POLAND

route: 83.24.0.0/13
descr: TPNET
descr: for abuse: abuse@tpnet.pl
origin: AS5617
mnt-by: AS5617-MNT
source: RIPE # Filtered

08 Sep 2007 06:26:52 -0400
Poland, spam engine: 83.29.164.47
Received: from [41.196.216.35] (helo=host-41-196-216-35.static.link.com.eg) by victima-de-spam.com with esmtp (envelope-from <hale@4ur.com>) id 1ITxaF-0001oc-Q2 for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:30:36 -0400
Received: from [41.196.216.35] by 4ur.com; Sat, 08 Sep 2007 09:30:24 +0000
Message-ID: <000801c7f1fa$05fc82bd$9ecb54bf@wppvobx>
From: "arvind fritz" <hale@4ur.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 07:43:02 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F1FA.05FA607F"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 41.196.129.0 - 41.196.255.255
netname: EG-LINK
descr: Link Egypt
country: EG
remarks: *** For Abuse and complains , please contact abuse@link.net***

08 Sep 2007 06:30:36 -0400
Egypt, spam engine: 41.196.216.35
Received: from [87.160.155.117] (helo=p57A09B75.dip0.t-ipconnect.de) by victima-de-spam.com with esmtp (envelope-from <chia-yin@mountainzone.com>) id 1ITxci-0003Iv-Qs for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:33:09 -0400
Received: from [87.160.155.117] by ns6.secureserver.net; Sat, 08 Sep 2007 10:33:14 +0000
Message-ID: <000a01c7f203$04162b10$0bc779b9@illypyg>
From: "jimbo depeche" <chia-yin@mountainzone.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:45:52 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C7F203.04126F69"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 87.160.0.0 - 87.186.159.255
netname: DTAG-DIAL21
descr: Deutsche Telekom AG
country: DE
remarks: * Abuse Contact: http://www.t-com.de/ip-abuse in case of Spam,*
e-mail: abuse@t-ipnet.de

route: 87.128.0.0/10
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
member-of: AS3320:RS-PA-TELEKOM
mnt-by: DTAG-RR
source: RIPE # Filtered

08 Sep 2007 06:26:23 -0400
Germany, spam engine: 87.160.155.117
Received: from [122.167.140.72] (helo=ABTS-KK-Dynamic-072.140.167.122.airtelbroadband.in) by victima-de-spam.com with esmtp (envelope-from <koji@msn.com>) id 1ITxha-0004po-UT for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:38:12 -0400
Received: from [122.167.140.72] by ns5.msft.net; Sat, 08 Sep 2007 10:37:56 +0000
Message-ID: <000901c7f204$0368ce35$b0c80783@xegxusa>
From: "jocko fu-zong" <koji@msn.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:50:34 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C7F204.0364B898"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 122.167.128.0 - 122.167.191.255
netname: ABTS-KK-DSL-9102-blr
descr: India
country: IN
remarks: d.blr@airtel.in

08 Sep 2007 06:26:23 -0400
India, spam engine: 122.167.140.72
Received: from [77.46.253.216] (helo=77.46.253.216) by victima-de-spam.com with esmtp (envelope-from <angel@suturex-renodex.com>) id 1ITxlR-0006fr-OU for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:42:16 -0400
Received: from [77.46.253.216] by ns1.oleane.net; Sat, 08 Sep 2007 10:41:54 +0000
Message-ID: <000501c7f204$05a447f4$6d20caa2@akahm>
From: "christ bichnga" <angel@suturex-renodex.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:54:32 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0002_01C7F204.05A396BA"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 77.46.240.0 - 77.46.255.255
netname: TELEKOM-NET
descr: TELEKOM SRBIJA, ADSL users
descr: Takovska 2
descr: 11000 BELGRADE SERBIA
country: CS

Republic of Serbia

address: YUGOSLAVIA

route: 77.46.128.0/17
descr: TELEKOM-SRBIJA
descr: Telekom Srbija Internet Backbone Network
origin: AS8400

08 Sep 2007 06:42:16 -0400
Serbia, spam engine: 77.46.253.216
Received: from [89.142.67.140] (helo=BSN-142-67-140.dial-up.dsl.siol.net) by victima-de-spam.com with esmtp (envelope-from <ward@four-soft.com>) id 1ITxm0-00071D-N0 for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:42:45 -0400
Received: from [89.142.67.140] by ns1.four-soft.com; Sat, 08 Sep 2007 10:42:34 +0000
Message-ID: <000701c7f204$05691b40$e2403c83@neclsq>
From: "briant nguyen" <ward@four-soft.com>
To: <receiver@victima-de-spam.com>
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep 2007 08:55:12 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F204.056489A7"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN

inetnum: 89.142.0.0 - 89.143.255.255
org: ORG-SId2-RIPE
netname: SI-TELEKOM-20060303
descr: SiOL Internet d.o.o.
country: SI

address: Slovenia

route: 89.142.64.0/18
descr: SiOL.SI, Provider Aggregated Block
descr: SiOL d.o.o.
descr: Internet Service Provider in Slovenia
descr: http://www.siol.net
origin: AS5603

08 Sep 2007 06:42:45 -0400
Slovenia, spam engine: 89.142.67.140
Global view
The preceding slides give a clear picture of the computing power of the botnet hired to send this spam.
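The technique applied to three of the messages on the preceding slides, as an added example (not code from the original presentation): it reads the connecting IP from the Received header stamped by the receiving server and groups the sources per Subject. The function names, the abridged sample headers (one timestamp reused for all three) and the use of distinct /16 blocks as a stand-in for the whois provider lookup are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict
from email.parser import HeaderParser

# Exim-style stamp, as written by the receiving server on the slides:
#   from [85.140.6.21] (helo=ppp85-140-6-21.pppoe.mtu-net.ru) by ...
EXIM_FROM = re.compile(r"from \[(?P<ip>[0-9.]+)\]\s*\(helo=(?P<helo>[^)\s]+)\)")


def connecting_host(raw_headers):
    """Return (ip, helo) from the topmost Received header, or None.

    Only the topmost header is written by the receiving server itself;
    every Received line below it arrived with the message and can be forged.
    """
    received = HeaderParser().parsestr(raw_headers).get_all("Received") or []
    if not received:
        return None
    match = EXIM_FROM.search(" ".join(received[0].split()))  # unfold first
    if match is None:
        return None
    try:
        ip = ipaddress.ip_address(match.group("ip"))
    except ValueError:  # not a valid address, e.g. "999.1.1.1"
        return None
    return str(ip), match.group("helo")


def sources_by_subject(raw_messages):
    """Map each Subject to the set of connecting IPs that delivered it."""
    seen = defaultdict(set)
    for raw in raw_messages:
        host = connecting_host(raw)
        if host is not None:
            subject = HeaderParser().parsestr(raw).get("Subject", "")
            seen[subject].add(host[0])
    return dict(seen)


def distinct_networks(ips, prefix=16):
    """Assumption: distinct /16 blocks stand in for 'different providers'."""
    return {str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False)) for ip in ips}


def _msg(ip, helo, claimed_by):
    # Constructed, abridged from the slides: the server's own stamp first,
    # then the Received line that arrived with the message.
    return (f"Received: from [{ip}] (helo={helo})\n"
            "\tby victima-de-spam.com with esmtp; Sat, 08 Sep 2007 05:37:40 -0400\n"
            f"Received: from [{ip}] by {claimed_by}; Sat, 08 Sep 2007 09:37:45 +0000\n"
            "Subject: Perfectly crafted luxury timepieces\n\n")


SAMPLE = [
    _msg("85.140.6.21", "ppp85-140-6-21.pppoe.mtu-net.ru", "mpdnsa.uboc.com"),
    _msg("83.97.240.164", "cm-83-97-240-164.telecable.es", "ns1.freeservers.com"),
    _msg("90.6.3.153", "ADijon-258-1-20-153.w90-6.abo.wanadoo.fr",
         "eforwardct.name-services.com"),
]

if __name__ == "__main__":
    for subject, ips in sources_by_subject(SAMPLE).items():
        print(subject, sorted(ips), len(distinct_networks(ips)), "networks")
```

One subject delivered from many unrelated networks within minutes is the pattern the slides document; a whois lookup per address then names the provider to notify.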
More information
Problems caused by a zombie PC: http://www.jacksecurity.com/blog/2007/09/24/pczombi
Enterprise solutions for botnet infections: http://www.jacksecurity.com/files/Brochure-J4.pdf
JaCkSecurity services and solutions
Consulting (JaCkHaCk-COnsultoria): professional advisory service designed to provide expert judgement on information security defences.
Awareness (JaCkBasis): education service for companies, aimed at developing the most important asset in the security chain, their staff.
Verification (JaCkHaCk-Pentest): penetration testing service that seeks to identify and certify the level of security and defences your organization has in place.
Response (JaCknoHaCk): computer investigation service aimed at discovering who broke into and damaged a victim organization's information systems, how and when.
2007 © JaCkSecurity.com
JaCkSecurity offers your company a complete range of practical security services. Contact us: info@jacksecurity.com