
Zombi Spam Revealed, October 2007. JaCkCast Security Officers, JaCkSecurity © 2004 - 2007, Zombie Spam Uncovered


1 Zombi Spam Revealed October 2007

2 JaCkCast Security Officers JaCkSecurity © 2004 - 2007, Zombie Spam Uncovered 2
Introduction
Many of the spam emails received every day do not come from legitimate servers. That is why advertisers have two options:
1. Use special bulk-mailing software, either over their own network, which harms that network, or through the services of a third party who sends over a DSL line and who will also have to reset the DSL connection many times before the IP address is listed on a blacklist.
2. Hire the owner of a botnet.

3 Technique used
One way to show that a spam email is sent from a botnet is to reveal the source IP addresses in the mail headers. An email that arrives with several different source IP addresses [from different providers] is clear evidence that it is being sent by zombie PCs. Each of those zombie PCs [capable of sending spam] is controlled by a botnet.
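The check described on this slide, as an added example that is not part of the original presentation: it reads the source address from the Received header stamped by the receiving server, the one hop the sender cannot forge, and groups copies of the same subject by distinct source IP. The sample messages are constructed with documentation addresses and `.example` hostnames, and `trusted_source`, `campaigns`, `sample_message` and `min_sources` are hypothetical names.

```python
import re
from collections import defaultdict
from email import message_from_string
from ipaddress import ip_address

TRUSTED_MTA = "victima-de-spam.com"  # receiving host shown on the slides
# Exim-style hop as on the slides: from [IP] (helo=NAME) by HOST with esmtp
HOP_RE = re.compile(r"from \[([0-9A-Fa-f.:]+)\]\s+\(helo=([^)]*)\)\s+by\s+([^\s;]+)")

def trusted_source(raw, trusted_mta=TRUSTED_MTA):
    """Return (ip, helo) from the hop stamped by our own MTA, else None."""
    # Headers are prepended: the first hop naming our MTA is the real one;
    # Received lines below it came from the sender and are not trusted.
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m and m.group(3).lower() == trusted_mta:
            try:
                return str(ip_address(m.group(1))), m.group(2)
            except ValueError:
                return None
    return None

def campaigns(raw_messages, min_sources=3):
    """Subject -> sorted distinct source IPs, kept when >= min_sources (assumed threshold)."""
    sources = defaultdict(set)
    for raw in raw_messages:
        hop = trusted_source(raw)
        if hop:
            subject = (message_from_string(raw)["Subject"] or "").strip().lower()
            sources[subject].add(hop[0])
    return {s: sorted(ips) for s, ips in sources.items() if len(ips) >= min_sources}

def sample_message(ip, helo, claimed_relay, subject):
    # Constructed message: RFC 5737 address, .example names, forged lower hop.
    return (
        f"Received: from [{ip}] (helo={helo}) by {TRUSTED_MTA} with esmtp\n"
        "\tid CONSTRUCTED; Sat, 08 Sep 2007 12:00:00 +0000\n"
        f"Received: from [10.1.1.1] (helo=forged.example) by {claimed_relay}; Sat, 08 Sep 2007 12:00:00 +0000\n"
        f"Subject: {subject}\n\nbody\n"
    )

SPAM = "Perfectly crafted luxury timepieces"
SAMPLES = [
    sample_message("192.0.2.10", "dsl-a.isp-one.example", "ns1.bank.example", SPAM),
    sample_message("198.51.100.7", "ppp-b.isp-two.example", "ns2.shop.example", SPAM),
    sample_message("203.0.113.5", "cm-c.isp-three.example", "dns.corp.example", SPAM),
    sample_message("203.0.113.5", "cm-c.isp-three.example", "dns.corp.example", SPAM),
    sample_message("192.0.2.99", "mail.partner.example", "mx.partner.example", "Invoice"),
]

if __name__ == "__main__":
    for subject, ips in campaigns(SAMPLES).items():
        print(f"{subject!r}: {len(ips)} distinct sources {ips}")
```

Resolving each returned address to its network owner (the whois step shown on the following slides) is left out so the example runs offline.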

4 Example revealed
On 08/SEP/2007 we received several repeated spam messages. Was it a mistake? Yes, a mistake that easily revealed the existence of several zombie PCs: zombie spam.

5 Perfectly crafted luxury timepieces

6 Received: from [ ] (helo=ppp pppoe.mtu-net.ru) by victima-de-spam.com with esmtp (envelope-from ) id 1ITwl1-0005T0-Hp for Sat, 08 Sep :37:
Received: from [ ] by mpdnsa.uboc.com; Sat, 08 Sep :37:
Message-ID:
From: "jotham heesung"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :50:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F1FB.05E0EB14"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
inetnum:
netname: MTU-PPPOE
descr: ZAO MTU-Intel
descr: Mamonovskij pereulok d.5
descr: , Moscow
descr: Russia
country: RU
admin-c: MTU1-RIPE
tech-c: MTU1-RIPE
status: ASSIGNED PA
mnt-by: MTU-NOC
source: RIPE # Filtered
descr: ZAO MTU-Intel's Moscow Region Network
descr: ZAO MTU-Intel
descr: Moscow, Russia
origin: AS8359
remarks: Please send abuse reports to
08 Sep :37: Germany, spam engine:

7 Received: from [ ] (helo=cm telecable.es) by victima-de-spam.com with esmtp (envelope-from ) id 1ITwmd-0006Lo-9P for Sat, 08 Sep :39:
Received: from [ ] by ns1.freeservers.com; Sat, 08 Sep :39:
Message-ID:
From: "brady ari"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :52:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F1FC A5"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: TELECABLE
descr: TELECABLE
country: ES
route: /17
descr: TeleCable
origin: AS12946
mnt-by: SPTA-MNT
source: RIPE # Filtered
08 Sep :39: Spain, spam engine:

8 Received: from [ ] (helo=dsl ttnet.net.tr) by victima-de-spam.com with esmtp (envelope-from ) id 1ITwq0-0007gp-Vt for Sat, 08 Sep :42:
Received: from [ ] by ns1.mcisi.net; Sat, 08 Sep :42:
Message-ID:
From: "benoit havelock"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :55:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F1FC EF"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: TurkTelekom
descr: TT ADSL-NEC dynamic_gay
country: tr
route: /17
descr: TurkTelecom
origin: AS9121
mnt-by: AS9121-MNT
source: RIPE # Filtered
08 Sep :42: Turkey, spam engine:

9 Received: from [ ] (helo=dslb pools.arcor-ip.net) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxAc-0008WI-Mp for Sat, 08 Sep :04:
Received: from [ ] by ns1.pb.com; Mon, 08 Sep :03:
Message-ID:
From: "benoit elizabet"
To:
Subject: Perfectly crafted luxury timepieces
Date: Mon, 08 Sep :16:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0003_01C375F0.0717F0D7"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: ARCOR-DSL-NET13
descr: ARCOR AG
descr: Alfred-Herrhausen-Allee 1
descr: D Eschborn
country: DE
route: /16
descr: ARCOR-IP
origin: AS3209
mnt-by: ARCOR-MNT
source: RIPE # Filtered
08 Sep :04: Germany, spam engine:

10 Received: from [ ] (helo= rdsnet.ro) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxEh-0002Kh-VI for Sat, 08 Sep :08:
Received: from [ ] by dns2.site5.com; Sat, 08 Sep :08:
Message-ID:
From: "abdullah gwen"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :20:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F A8F6"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: RO-RDS-FTTX-Craiova
descr: Romania Data Systems
descr: FTTX Customers - Craiova
country: RO
role: Romania Data Systems NOC
address: Dr. Staicovici
address: Bucharest / ROMANIA
route: /13
descr: RDSNET
origin: AS8708
mnt-by: AS8708-MNT
source: RIPE # Filtered
08 Sep :08: Romania, spam engine:

11 Received: from [ ] (helo= ) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxOA-0006Kj-Jh for Sat, 08 Sep :18:
Received: from [ ] by ns2.bt.net; Sat, 08 Sep :17:
Message-ID:
From: "garret elissa"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :30:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F201.03CA8279"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: TurkTelekom
descr: TT ADSL-alcatel dynamic_aci
country: tr
route: /17
descr: TurkTelecom
origin: AS9121
mnt-by: AS9121-MNT
source: RIPE # Filtered
08 Sep :18: Turkey, spam engine:

12 Received: from [ ] (helo=pppoe-0382.urtc.ru) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxP4-0006M4-JW for Sat, 08 Sep :19:
Received: from [ ] by cmtu.mt.ns.els-gms.att.net; Sat, 08 Sep :18:
Message-ID:
From: "jeffrey hong-sup"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :31:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C7F F24"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: BOOKS10K
descr: JSC "10000 books"
descr: Ekaterinburg, Lenina st. 49
descr: Russia
country: RU
route: /18
descr: Provider Block for ru.etel
origin: AS6828
mnt-by: MFIST-MNT
source: RIPE # Filtered
08 Sep :19: Russia, spam engine:

13 Received: from [ ] (helo=ADijon w90-6.abo.wanadoo.fr) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxRx-00074A-BB for Sat, 08 Sep :22:
Received: from [ ] by eforwardct.name-services.com; Sat, 08 Sep :36:
Message-ID:
From: "jakie gilman"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :48:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C7F E11BC"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: IP2000-ADSL-BAS
descr: BSDIJ258 Dijon Bloc 1
country: FR
remarks: AND
route: /11
descr: France Telecom
origin: AS3215
mnt-by: RAIN-TRANSPAC
source: RIPE # Filtered
08 Sep :22: France, spam engine:

14 Received: from [ ] (helo= ) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxV P-7B for Sat, 08 Sep :25:
Received: from [ ] by ns2-auth.sprintlink.net; Sat, 08 Sep :25:
Message-ID:
From: "fraser janet"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :37:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0002_01C7F B1C"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: TurkTelekom
descr: TT ADSL-meteksan dynamic_ulus
country: tr
route: /17
descr: TurkTelecom
origin: AS9121
mnt-by: AS9121-MNT
source: RIPE # Filtered
08 Sep :25: Turkey, spam engine:

15 Received: from [ ] (helo= ) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxWB-00005E-5f for Sat, 08 Sep :26:
Received: from [ ] by dns1.tirol.com; Sat, 08 Sep :26:
Message-ID:
From: "elden charlie"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :39:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F "
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: DEGUNINO
descr: ptp connections
country: RU
abuse-mailbox:
route: /21
descr: TI route block
origin: AS34691
mnt-by: TI-MNT
source: RIPE # Filtered
08 Sep :26: Russia, spam engine:

16 Received: from [ ] (helo=bts47.neoplus.adsl.tpnet.pl) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxWd-00005p-IY for Sat, 08 Sep :26:
Received: from [ ] by am2.ml.com; Sat, 08 Sep :25:
Message-ID:
From: "artemis je"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :38:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C7F D6900"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: NEOSTRADA-ADSL
descr: Neostrada Plus
descr: Krakow
country: PL
remarks:
remarks: Abuse and spam notification ->
address: POLAND
route: /13
descr: TPNET
descr: for abuse:
origin: AS5617
mnt-by: AS5617-MNT
source: RIPE # Filtered
08 Sep :26: Poland, spam engine:

17 Received: from [ ] (helo=host static.link.com.eg) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxaF-0001oc-Q2 for Sat, 08 Sep :30:
Received: from [ ] by 4ur.com; Sat, 08 Sep :30:
Message-ID:
From: "arvind fritz"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :43:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F1FA.05FA607F"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: EG-LINK
descr: Link Egypt
country: EG
remarks: *** For Abuse and complains, please contact
08 Sep :30: Egypt, spam engine:

18 Received: from [ ] (helo=p57A09B75.dip0.t-ipconnect.de) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxci-0003Iv-Qs for Sat, 08 Sep :33:
Received: from [ ] by ns6.secureserver.net; Sat, 08 Sep :33:
Message-ID:
From: "jimbo depeche"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :45:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C7F F69"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: DTAG-DIAL21
descr: Deutsche Telekom AG
country: DE
remarks: * Abuse Contact: in case of Spam, *
route: /10
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
member-of: AS3320:RS-PA-TELEKOM
mnt-by: DTAG-RR
source: RIPE # Filtered
08 Sep :26: Germany, spam engine:

19 Received: from [ ] (helo=ABTS-KK-Dynamic airtelbroadband.in) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxha-0004po-UT for Sat, 08 Sep :38:
Received: from [ ] by ns5.msft.net; Sat, 08 Sep :37:
Message-ID:
From: "jocko fu-zong"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :50:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C7F B898"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: ABTS-KK-DSL-9102-blr
descr: India
country: IN
remarks:
08 Sep :26: India, spam engine:

20 Received: from [ ] (helo= ) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxlR-0006fr-OU for Sat, 08 Sep :42:
Received: from [ ] by ns1.oleane.net; Sat, 08 Sep :41:
Message-ID:
From: "christ bichnga"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :54:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0002_01C7F204.05A396BA"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
netname: TELEKOM-NET
descr: TELEKOM SRBIJA, ADSL users
descr: Takovska 2
descr: BELGRADE SERBIA
country: CS Republic of Serbia
address: YUGOSLAVIA
route: /17
descr: TELEKOM-SRBIJA
descr: Telekom Srbija Internet Backbone Network
origin: AS
Sep :42: Serbia, spam engine:

21 Received: from [ ] (helo=BSN dial-up.dsl.siol.net) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxm D-N0 for Sat, 08 Sep :42:
Received: from [ ] by ns1.four-soft.com; Sat, 08 Sep :42:
Message-ID:
From: "briant nguyen"
To:
Subject: Perfectly crafted luxury timepieces
Date: Sat, 08 Sep :55:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F A7"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
X-MimeOLE: Produced By Microsoft MimeOLE V
X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN
inetnum:
org: ORG-SId2-RIPE
netname: SI-TELEKOM
descr: SiOL Internet d.o.o.
country: SI
address: Slovenia
route: /18
descr: SiOL.SI, Provider Aggregated Block
descr: SiOL d.o.o.
descr: Internet Service Provider in Slovenia
descr:
origin: AS
Sep :42: Slovenia, spam engine:

22 Global view
The preceding slides give a clear picture of the computing power of the botnet hired to send this spam.

23 More information
Problems caused by a zombie PC
Enterprise solutions for botnet infections:

24 JaCkSecurity services and solutions (2007 © JaCkSecurity.com)
Consulting: JaCkHaCk-COnsultoria. Professional advisory service designed to provide expert judgment on information security defenses.
Awareness: JaCkBasis. Education service for companies, aimed at developing the most important asset in the security chain, their staff.
Verification: JaCkHaCk-Pentest. Security breach testing service that seeks to identify and certify the level of security and defenses your organization has.
Response: JaCknoHaCk. Computer investigation service aimed at discovering who managed to break into and damage the information systems of a victim organization, and how and when they did it.
JaCkSecurity offers your company a full range of practical security services; contact us:

