[Scspamcop] Re: This one made me look twice ...
Farelf
user at domain.invalid
Fri Nov 14 09:40:04 EST 2008
Twayne wrote:
> http://www.spamcop.net/sc?id=z2407967528zcc3b7382886681944019171a8a8b66f1z
>
> Is there any point in submitting it? There's nothing there of any use
> is there?
>
> Twayne
>
>
Many of those .cn spamvertized sites resolve to fast-flux botnets, as
the one in that spam does:

C:\Documents and Settings\Steve>nslookup kelb.uiith.cn
...
Non-authoritative answer:
Name: uiith.cn
Addresses: 76.186.185.3, 77.89.73.82, 78.96.28.60, 85.186.205.155
89.134.253.142, 89.135.8.223, 121.159.164.52, 195.182.143.253
Aliases: kelb.uiith.cn
C:\Documents and Settings\Steve>

Usually there's a nominally responsible corporate citizen or two amongst
the unwitting hosts (for instance Comcast, Comcast, RR, Comcast ... but
not necessarily in this case, I haven't checked). While SC will not
resolve the network it will (reluctantly) resolve the top-most address
on the revolving stack.

I confess that in my idle moments I've been known to hit the reload
button a few times until such resolution is achieved and to post the
nslookup results with a covering "Your IP address is part of a fast-flux
botnet" into the notes for the resultant report in the hope that the
abuse handler might actually do something about tracking down the
affected/infected machine, if s(he) feels like a little light diversion
and what I suppose to be a modest technical challenge. Who knows, it
/could/ do some good?

Or the botnets could just keep growing, eventually one of us gets to
have the last uninfected machine in a sea of zombies, like that guy in
Matheson's "I Am Legend." Sorry, got carried away there, for a minute :)
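
Added example, not part of the original post: a Python sketch that parses nslookup answer sections like the one quoted above and summarises how the address set changes between reloads, as material for a report note. The function names, the second sample and the /16 grouping are assumptions made for this example.

```python
import ipaddress
import re

# Sample 1: the answer section quoted in the post above.
LOOKUP_1 = """Non-authoritative answer:
Name: uiith.cn
Addresses: 76.186.185.3, 77.89.73.82, 78.96.28.60, 85.186.205.155
89.134.253.142, 89.135.8.223, 121.159.164.52, 195.182.143.253
Aliases: kelb.uiith.cn
"""
# Sample 2: constructed for this example (documentation ranges plus two
# addresses repeated from sample 1), standing in for a later reload.
LOOKUP_2 = """Non-authoritative answer:
Name: uiith.cn
Addresses: 89.135.8.223, 192.0.2.10, 198.51.100.7, 203.0.113.99
76.186.185.3
Aliases: kelb.uiith.cn
"""
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
LABEL = re.compile(r"^[A-Za-z][\w -]*:")

def parse_addresses(nslookup_text):
    """Answer addresses in listed order, continuation lines included."""
    # Skip the resolver's own "Server:/Address:" lines above the answer.
    _, _, body = nslookup_text.rpartition("answer:")
    found, in_block = [], False
    for line in body.splitlines():
        if line.startswith(("Address:", "Addresses:")):
            in_block = True
        elif LABEL.match(line):
            in_block = False  # Name:, Aliases: or another labelled field
        if in_block:
            for text in IPV4.findall(line):
                try:
                    found.append(ipaddress.IPv4Address(text))
                except ValueError:
                    pass  # dotted text that is not a valid IPv4 address
    return found

def flux_summary(lookups):
    """Summarise repeated lookups of one name for a report note."""
    sets = [parse_addresses(t) for t in lookups]
    seen = set().union(*sets)
    # Assumption: /16 is only a rough stand-in for "different networks".
    nets = {ipaddress.ip_network(f"{a}/16", strict=False) for a in seen}
    return {"distinct_addresses": len(seen), "distinct_slash16": len(nets),
            "top_of_stack": [str(s[0]) for s in sets if s],
            "new_on_reload": sorted(str(a) for a in set(sets[-1]) - set(sets[0]))}
```

Calling flux_summary([LOOKUP_1, LOOKUP_2]) gives the counts and the address at the top of each answer; the summary describes the rotation and does not by itself classify a name as fast-flux.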