
[ot] Fwd: jeem.mail.pv trojan

Michael Tokarev

Nov 8, 2002, 7:01:42 PM
-------- Original Message --------
Subject: jeem.mail.pv trojan
Date: Sat, 09 Nov 2002 02:29:34 +0300
From: Michael Tokarev <m...@tls.msk.ru>
Organization: Telecom Service, JSC
To: m...@tls.msk.ru
Newsgroups: news.admin.net-abuse.email

[Bcc'd to several parties]

Recently, spammers started to use trojaned winbloze machines
to send their crap out. Currently, I know one spammer who
does this - mlist.ru (currently down). Below is a list of
IP addresses of machines infected by this trojan horse and
ready to send spam. On the left column, there is an IP address,
second column is where smtp server is listening: this is a
trivial open relay listening on non-standard port number,
it identifies itself as jeem.mail.pv. The rest are other
open ports on that IP address, for reference. It seems that
this trojan listens for smtp on one port and listens on
two other ports as well, probably for its control.
The list below was verified in the last two days, but some machines
are not running all day, and may be down sometimes.

Any information about this trojan horse is appreciated, esp.
a way to detect those machines/trojans.

/mjt

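The post asks for a way to detect these machines. As an added example (not part of the original post), the sketch below checks a banner-grab inventory of your own hosts for the fingerprint the post describes: a 220 greeting on a non-standard port, the name jeem.mail.pv in that greeting, and the host's other open ports listed for reference. The input format, the sample records and the exact banner wording are assumptions.

```python
import re
from collections import defaultdict

MARKER = "jeem.mail.pv"                  # name the relay announces, per the post
EXPECTED_220_PORTS = {21, 25, 465, 587}  # FTP and ordinary mail ports also greet with 220

# Constructed inventory: "ip port first-line-from-service" ("-" means no greeting).
# Addresses are documentation ranges; the banner wording is an assumption.
SAMPLE = """\
192.0.2.10 25 220 mx1.example.org ESMTP ready
192.0.2.10 443 -
192.0.2.44 7001 220 jeem.mail.pv ESMTP
192.0.2.44 7002 -
192.0.2.44 7003 -
198.51.100.7 2500 220 testbox.example.org ESMTP
198.51.100.7 22 SSH-2.0-OpenSSH_9.6
malformed line
"""

LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,5})\s+(.*)$")
GREETING = re.compile(r"^220[ -]")       # single-line or multi-line 220 reply

def flag_hosts(text):
    """Return {ip: {"verdict", "smtp_ports", "other_ports"}} for hosts worth a look."""
    seen = defaultdict(dict)             # ip -> {port: banner}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                     # skip lines that are not "ip port banner"
        seen[m.group(1)][int(m.group(2))] = m.group(3).strip()
    findings = {}
    for ip, ports in seen.items():
        # 220 greetings on ports where no mail or FTP service is expected
        odd = {p: b for p, b in ports.items()
               if GREETING.match(b) and p not in EXPECTED_220_PORTS}
        if not odd:
            continue
        named = any(MARKER in b.lower() for b in odd.values())
        findings[ip] = {
            "verdict": "match" if named else "review",  # "review" = odd port, no name
            "smtp_ports": sorted(odd),
            "other_ports": sorted(set(ports) - set(odd)),
        }
    return findings

if __name__ == "__main__":
    for ip, finding in flag_hosts(SAMPLE).items():
        print(ip, finding)
```

A "review" verdict only means a 220 greeting on an unexpected port; a legitimate mail service moved to another port will show up there too.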
