rconner Posted June 19, 2007 Share Posted June 19, 2007 Two citations from Yahoo! News and Yahoo! Tech regarding the FBI's "Operation Bot Roast." The former ties in the Bob Soloway prosecution (a direct link I wasn't aware of), while the second (an "expert" blogger) advises people to check their 'sent messages' spool to see whether their machines sent any spam (which is not helpful, since the bot software doesn't make use of users' mail programs, and such advice could give people a false feeling of security). -- rick Link to comment Share on other sites More sharing options...
bobbear Posted June 21, 2007 Share Posted June 21, 2007 <snip> while the second (an "expert" blogger) advises people to check their 'sent messages' spool to see whether their machines sent any spam (which is not helpful, since the bot software doesn't make use of users' mail programs, and such advice could give people a false feeling of security). -- rick Quite right - as if a zombie SMTP engine is going to leave a copy of its spam in the OE Sent Items folder! I suppose the guy's knowledge is pretty good for Yahoo tech, (kingdom of the blind & all that...). It used to be next to impossible to get the Yahoo abuse teams to comprehend how a 419er could use a Yahoo response address without sending his spam via Yahoo webmail, and as for getting criminal fraud domains removed from their botnet lookalike 'Small Business Network'....... Link to comment Share on other sites More sharing options...
rconner Posted June 21, 2007 Author Share Posted June 21, 2007 ... as for getting criminal fraud domains removed from their botnet lookalike 'Small Business Network'....... Hmm, that must be why I used to get a lot of spam for child porn tracing to private domains and Yahoo servers, n'est ce pas? I always wondered how stupid Yahoo! had to be in order to keep selling hosting to the same international criminals. -- rick Link to comment Share on other sites More sharing options...
bobbear Posted June 22, 2007 Share Posted June 22, 2007 Hmm, that must be why I used to get a lot of spam for child porn tracing to private domains and Yahoo servers, n'est ce pas? I always wondered how stupid Yahoo! had to be in order to keep selling hosting to the same international criminals. -- rick More than likely - this is the sort of network I've come across quite a few times: ==============Server===========DNS 'A' Record Response (Site host IPs)==== yns1.yahoo.com [66.218.71.205] 69.147.83.150 69.147.83.151 69.147.83.152 69.147.83.153 69.147.83.154 69.147.83.155 yns2.yahoo.com [216.109.116.20] 69.147.83.146 69.147.83.159 69.147.83.176 69.147.83.177 69.147.83.178 69.147.83.179 The network uses a set of 34 Yahoo/Geocities IPs from 69.147.83.146 to 69.147.83.179 to host domains on a fast rotating basis controlled by Yahoo nameservers yns1.yahoo.com [66.218.71.205] & yns2.yahoo.com [216.109.116.20] When I've looked up the domains hosted on that network, (which seems to use the same sort of software as a zombie botnet controller, only rotating much faster), there seem to be an appreciable number of very dubious domains hosted, including the money laundering fraud ones I got removed.... It seems to be Yahoo's idea of a "Small Business Network", (no questions asked.....). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.