La descarga está en progreso. Por favor, espere

La descarga está en progreso. Por favor, espere

Zombi Spam Revealed Octubre 2007. JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 2 Introducción Muchos de los correo.

Presentaciones similares


Presentación del tema: "Zombi Spam Revealed Octubre 2007. JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 2 Introducción Muchos de los correo."— Transcripción de la presentación:

1 Zombi Spam Revealed Octubre 2007

2 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 2 Introducción Muchos de los correo spam que se reciben a diario no provienen de servidores legítimos. Por eso los anunciantes tienen dos opciones: 1.Usar un software especial para envío de correo masivo, a través de su propia red. Pero, eso le perjudica a su propia red. Los servicios de un tercero que usa su red DSL. Quien también tendrá que reiniciar su conexión DSL muchas veces, antes de que su dirección IP sea listada en una blacklist. 2.Contratar al dueño de una botnet.

3 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 3 Técnica empleada Una forma de demostrar que un correo spam es enviado desde una botnet se logra al revelar las direcciones IP origen en las cabeceras del correo. De esa forma, un correo con diversas direcciones IP origen [de diferentes proveedores] es clara evidencia que el correo está siendo emitido por PC zombis. Cada una de esas PC zombis [con capacidad de emitir spam] es gobernada por una botnet.

4 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 4 Ejemplo revelado En fecha 08/SET/2007 recibimos varios mensajes SPAM repetitivos. ¿Se trató de un error? Sí, un error que reveló con facilidad la existencia de un varias PC zombis: zombi spam.

5 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 5 Perfectly crafted luxury timepieces

6 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 6 Received: from [85.140.6.21] (helo=ppp85-140-6-21.pppoe.mtu-net.ru) by victima-de-spam.com with esmtp (envelope-from ) id 1ITwl1-0005T0-Hp for receiver@victima-de-spam.com; Sat, 08 Sep 2007 05:37:40 -0400 Received: from [85.140.6.21] by mpdnsa.uboc.com; Sat, 08 Sep 2007 09:37:45 +0000 Message-ID: From: "jotham heesung" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 07:50:23 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F1FB.05E0EB14" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 inetnum: 85.140.0.0 - 85.140.255.255 netname: MTU-PPPOE descr: ZAO MTU-Intel descr: Mamonovskij pereulok d.5 descr: 123001, Moscow descr: Russia country: RU admin-c: MTU1-RIPE tech-c: MTU1-RIPE status: ASSIGNED PA mnt-by: MTU-NOC source: RIPE # Filtered descr: ZAO MTU-Intel's Moscow Region Network descr: ZAO MTU-Intel descr: Moscow, Russia origin: AS8359 remarks: Please send abuse reports to abuse@mtu.ru 08 Sep 2007 05:37:40 -0400 Alemania, Motor spam: 85.140.6.21

7 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 7 Received: from [83.97.240.164] (helo=cm-83-97-240-164.telecable.es) by victima-de-spam.com with esmtp (envelope-from ) id 1ITwmd-0006Lo-9P for receiver@victima-de-spam.com; Sat, 08 Sep 2007 05:39:23 -0400 Received: from [83.97.240.164] by ns1.freeservers.com; Sat, 08 Sep 2007 09:39:55 +0000 Message-ID: From: "brady ari" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 07:52:32 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F1FC.064267A5" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 83.97.219.0 - 83.97.255.255 netname: TELECABLE descr: TELECABLE country: ES route: 83.97.128.0/17 descr: TeleCable origin: AS12946 mnt-by: SPTA-MNT source: RIPE # Filtered 08 Sep 2007 05:39:23 -0400 España, Motor spam: 83.97.240.164

8 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 8 Received: from [88.238.124.19] (helo=dsl88.238-31763.ttnet.net.tr) by victima-de-spam.com with esmtp (envelope-from ) id 1ITwq0-0007gp-Vt for receiver@victima-de-spam.com; Sat, 08 Sep 2007 05:42:49 -0400 Received: from [88.238.124.19] by ns1.mcisi.net; Sat, 08 Sep 2007 09:42:46 +0000 Message-ID: From: "benoit havelock" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 07:55:23 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F1FC.071232EF" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 88.238.0.0 - 88.238.255.255 netname: TurkTelekom descr: TT ADSL-NEC dynamic_gay country: tr route: 88.238.0.0/17 descr: TurkTelecom origin: AS9121 mnt-by: AS9121-MNT source: RIPE # Filtered 08 Sep 2007 05:42:49 -0400 Turquía, Motor spam: 88.238.124.19

9 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 9 Received: from [84.58.222.26] (helo=dslb-084-058-222-026.pools.arcor-ip.net) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxAc-0008WI-Mp for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:04:07 -0400 Received: from [84.58.222.26] by ns1.pb.com; Mon, 08 Sep 2003 10:03:28 +0000 Message-ID: From: "benoit elizabet" To: Subject: Perfectly crafted luxury timepieces Date: Mon, 08 Sep 2003 08:16:06 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0003_01C375F0.0717F0D7" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 84.57.113.0 - 84.59.159.255 netname: ARCOR-DSL-NET13 descr: ARCOR AG descr: Alfred-Herrhausen-Allee 1 descr: D-65760 Eschborn country: DE route: 84.58.0.0/16 descr: ARCOR-IP origin: AS3209 mnt-by: ARCOR-MNT source: RIPE # Filtered 08 Sep 2007 06:04:07 -0400 Alemania, Motor spam: 84.58.222.26

10 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 10 Received: from [86.124.212.240] (helo=86-124-212-240.rdsnet.ro) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxEh-0002Kh-VI for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:08:20 -0400 Received: from [86.124.212.240] by dns2.site5.com; Sat, 08 Sep 2007 10:08:21 +0000 Message-ID: From: "abdullah gwen" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:20:58 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F200.0395A8F6" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 86.124.212.0 - 86.124.212.255 netname: RO-RDS-FTTX-Craiova descr: Romania Data Systems descr: FTTX Customers - Craiova country: RO role: Romania Data Systems NOC address: 71-75 Dr. Staicovici address: Bucharest / ROMANIA route: 86.120.0.0/13 descr: RDSNET origin: AS8708 mnt-by: AS8708-MNT source: RIPE # Filtered 08 Sep 2007 06:08:20 -0400 Rumania, Motor spam: 86.124.212.240

11 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 11 Received: from [88.244.134.5] (helo=88.244.134.5) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxOA-0006Kj-Jh for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:18:08 -0400 Received: from [88.244.134.5] by ns2.bt.net; Sat, 08 Sep 2007 10:17:49 +0000 Message-ID: From: "garret elissa" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:30:27 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F201.03CA8279" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 88.244.128.0 - 88.244.255.255 netname: TurkTelekom descr: TT ADSL-alcatel dynamic_aci country: tr route: 88.244.128.0/17 descr: TurkTelecom origin: AS9121 mnt-by: AS9121-MNT source: RIPE # Filtered 08 Sep 2007 06:18:08 -0400 Turquía, Motor spam: 88.244.134.5

12 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 12 Received: from [212.220.85.126] (helo=pppoe-0382.urtc.ru) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxP4-0006M4-JW for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:19:03 -0400 Received: from [212.220.85.126] by cmtu.mt.ns.els-gms.att.net; Sat, 08 Sep 2007 10:18:49 +0000 Message-ID: From: "jeffrey hong-sup" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:31:26 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C7F201.02009F24" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 212.220.84.0 - 212.220.85.255 netname: BOOKS10K descr: JSC "10000 books" descr: Ekaterinburg, Lenina st. 49 descr: Russia country: RU route: 212.220.64.0/18 descr: Provider Block for ru.etel origin: AS6828 mnt-by: MFIST-MNT source: RIPE # Filtered 08 Sep 2007 06:19:03 -0400 Rusia, Motor spam: 212.220.85.126

13 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 13 Received: from [90.6.3.153] (helo=ADijon-258-1-20-153.w90-6.abo.wanadoo.fr) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxRx-00074A-BB for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:22:01 -0400 Received: from [90.6.3.153] by eforwardct.name-services.com; Sat, 08 Sep 2007 10:36:13 +0000 Message-ID: From: "jakie gilman" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:48:50 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C7F204.021E11BC" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 90.6.3.0 - 90.6.3.255 netname: IP2000-ADSL-BAS descr: BSDIJ258 Dijon Bloc 1 country: FR remarks: postmaster@wanadoo.fr AND abuse@wanadoo.fr route: 90.0.0.0/11 descr: France Telecom origin: AS3215 mnt-by: RAIN-TRANSPAC source: RIPE # Filtered 08 Sep 2007 06:22:01 -0400 Fracia, Motor spam: 90.6.3.153

14 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 14 Received: from [88.252.18.172] (helo=88.252.18.172) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxV9-00080P-7B for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:25:22 -0400 Received: from [88.252.18.172] by ns2-auth.sprintlink.net; Sat, 08 Sep 2007 10:25:13 +0000 Message-ID: From: "fraser janet" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:37:50 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0002_01C7F202.05287B1C" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 88.252.0.0 - 88.252.127.255 netname: TurkTelekom descr: TT ADSL-meteksan dynamic_ulus country: tr e-mail: abuse@ttnet.net.tr route: 88.252.0.0/17 descr: TurkTelecom origin: AS9121 mnt-by: AS9121-MNT source: RIPE # Filtered 08 Sep 2007 06:25:22 -0400 Turquía, Motor spam: 88.252.18.172

15 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 15 Received: from [89.20.148.196] (helo=89.20.148.196) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxWB-00005E-5f for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:26:23 -0400 Received: from [89.20.148.196] by dns1.tirol.com; Sat, 08 Sep 2007 10:26:27 +0000 Message-ID: From: "elden charlie" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:39:04 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F202.06773157" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 89.20.144.0 - 89.20.151.255 netname: DEGUNINO descr: ptp connections country: RU abuse-mailbox: abuse@ti.ru route: 89.20.144.0/21 descr: TI route block origin: AS34691 mnt-by: TI-MNT source: RIPE # Filtered 08 Sep 2007 06:26:23 -0400 Rusia, Motor spam: 89.20.148.196

16 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 16 Received: from [83.29.164.47] (helo=bts47.neoplus.adsl.tpnet.pl) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxWd-00005p-IY for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:26:52 -0400 Received: from [83.29.164.47] by am2.ml.com; Sat, 08 Sep 2007 10:25:41 +0000 Message-ID: From: "artemis je" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:38:19 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C7F202.019D6900" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 83.29.0.0 - 83.29.255.255 netname: NEOSTRADA-ADSL descr: Neostrada Plus descr: Krakow country: PL emarks: abuse@tpnet.pl remarks: Abuse and spam notification -> abuse@telekomunikacja.pl address: POLAND route: 83.24.0.0/13 descr: TPNET descr: for abuse: abuse@tpnet.pl origin: AS5617 mnt-by: AS5617-MNT source: RIPE # Filtered 08 Sep 2007 06:26:52 -0400 Polonia, Motor spam: 83.29.164.47

17 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 17 Received: from [41.196.216.35] (helo=host-41-196-216-35.static.link.com.eg) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxaF-0001oc-Q2 for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:30:36 -0400 Received: from [41.196.216.35] by 4ur.com; Sat, 08 Sep 2007 09:30:24 +0000 Message-ID: From: "arvind fritz" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 07:43:02 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7F1FA.05FA607F" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 41.196.129.0 - 41.196.255.255 netname: EG-LINK descr: Link Egypt country: EG remarks: *** For Abuse and complains, please contact abuse@link.net*** 08 Sep 2007 06:30:36 -0400 Egipto, Motor spam: 41.196.216.35

18 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 18 Received: from [87.160.155.117] (helo=p57A09B75.dip0.t-ipconnect.de) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxci-0003Iv-Qs for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:33:09 -0400 Received: from [87.160.155.117] by ns6.secureserver.net; Sat, 08 Sep 2007 10:33:14 +0000 Message-ID: From: "jimbo depeche" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:45:52 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C7F203.04126F69" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 87.160.0.0 - 87.186.159.255 netname: DTAG-DIAL21 descr: Deutsche Telekom AG country: DE remarks: * Abuse Contact: http://www.t-com.de/ip-abuse in case of Spam, * e-mail: abuse@t-ipnet.de route: 87.128.0.0/10 descr: Deutsche Telekom AG, Internet service provider origin: AS3320 member-of: AS3320:RS-PA-TELEKOM mnt-by: DTAG-RR source: RIPE # Filtered 08 Sep 2007 06:26:23 -0400 Alemania, Motor spam: 87.160.155.117

19 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 19 Received: from [122.167.140.72] (helo=ABTS-KK-Dynamic-072.140.167.122.airtelbroadband.in) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxha-0004po-UT for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:38:12 -0400 Received: from [122.167.140.72] by ns5.msft.net; Sat, 08 Sep 2007 10:37:56 +0000 Message-ID: From: "jocko fu-zong" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:50:34 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01C7F204.0364B898" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 122.167.128.0 - 122.167.191.255 netname: ABTS-KK-DSL-9102-blr descr: India country: IN remarks: d.blr@airtel.in 08 Sep 2007 06:26:23 -0400 Indica, Motor spam: 122.167.140.72

20 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 20 Received: from [77.46.253.216] (helo=77.46.253.216) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxlR-0006fr-OU for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:42:16 -0400 Received: from [77.46.253.216] by ns1.oleane.net; Sat, 08 Sep 2007 10:41:54 +0000 Message-ID: From: "christ bichnga" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:54:32 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0002_01C7F204.05A396BA" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 77.46.240.0 - 77.46.255.255 netname: TELEKOM-NET descr: TELEKOM SRBIJA, ADSL users descr: Takovska 2 descr: 11000 BELGRADE SERBIA country: CS Republic of Serbia address: YUGOSLAVIA route: 77.46.128.0/17 descr: TELEKOM-SRBIJA descr: Telekom Srbija Internet Backbone Network origin: AS8400 08 Sep 2007 06:42:16 -0400 Serbia, Motor spam: 77.46.253.216

21 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 21 Received: from [89.142.67.140] (helo=BSN-142-67-140.dial-up.dsl.siol.net) by victima-de-spam.com with esmtp (envelope-from ) id 1ITxm0-00071D-N0 for receiver@victima-de-spam.com; Sat, 08 Sep 2007 06:42:45 -0400 Received: from [89.142.67.140] by ns1.four-soft.com; Sat, 08 Sep 2007 10:42:34 +0000 Message-ID: From: "briant nguyen" To: Subject: Perfectly crafted luxury timepieces Date: Sat, 08 Sep 2007 08:55:12 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01C7F204.056489A7" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.2663 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757 X-Spam-Exim: OkPNwxFQqimg2KJUTbXq3UlN inetnum: 89.142.0.0 - 89.143.255.255 org: ORG-SId2-RIPE netname: SI-TELEKOM-20060303 descr: SiOL Internet d.o.o. country: SI address: Slovenia route: 89.142.64.0/18 descr: SiOL.SI, Provider Aggregated Block descr: SiOL d.o.o. descr: Internet Service Provider in Slovenia descr: http://www.siol.net origin: AS5603 08 Sep 2007 06:42:45 -0400 Eslovenia, Motor spam: 89.142.67.140

22 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 22 Visión global La diapositivas anteriores permiten dibujar perfectamente el poder computacional de la botnet contratada para emitir éste spam.

23 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 23 Más información Problemas que ocasiona una PC zombi http://www.jacksecurity.com/blog/2007/09/24/pczombi Soluciones empresariales para infecciones botnet: http://www.jacksecurity.com/files/Brochure-J4.pdf

24 JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 24 Servicios y soluciones JaCkSecurity Consultoría Culturización Verificación 2007 © JaCkSecurity.com Respuesta JaCkHaCk-COnsultoria Servicio de asesoría profesional diseñada para suministrar un juicio experto en materia de las defensas de seguridad de la información Servicio de educación para empresa, destinado a desarrollar al activo más importante de la cadena de la seguridad, su personal JaCkBasis Servicio de pruebas de violación de seguridad informática que busca identificar y certificar el nivel de seguridad y defensas con que cuenta su organización JaCkHaCk-Pentest Servicio de investigación de cómputo, orientada a descubrir quién, cómo y cuándo logró introducirse y dañar en los sistemas de información de una organización víctima JaCknoHaCk JaCkSecurity le ofrece a su empresa una gama completa servicios prácticos de seguridad, contáctenos: info@jacksecurity.cominfo@jacksecurity.com


Descargar ppt "Zombi Spam Revealed Octubre 2007. JaCkCast Oficiales de Seguridad JaCkSecurity © 2004 - 2007, Zombi SPAM al descubierto 2 Introducción Muchos de los correo."

Presentaciones similares


Anuncios Google