anyone else get this spam?

These are old archives. They are kept for historic purposes only.
DarkBlood
Posts: 47
Joined: Fri Aug 05, 2005 3:04 pm

anyone else get this spam?

Post by DarkBlood » Fri Sep 30, 2005 3:39 am

Hello, I've been recently seeing a lot of these spammers. About 4 a week.

A client joins and says
"..:: I'm infected with I-Worm.Blooger.A coded by CyBeR_AciD ::..[spam url]"

It's different nicknames all the time.. the client joins then quits.. So I think it's a bot.

But anyway, for the spam "spam url", there is a different URL all the time and the URL is an IP not a hostname.

So, anyone ever get that kind of spam?

aquanight
Official supporter
Posts: 862
Joined: Tue Mar 09, 2004 10:47 pm
Location: Boise, ID

Post by aquanight » Fri Sep 30, 2005 4:39 pm

If it's an IP it's pretty easy to filter. I think it's probably more than likely that, for at least all these trojans that spam themselves with "constantly-changing-IP" stuff, the IP is more than likely the spammer's IP ;). (As in: listen on port 80, connect to server, get IP from server, spam it in URL, listen for GET requests, reply with MSHTML exploit + virus or something.)

Anyway, as for filtering it:

/spamfilter + pcnNPq gline 1d Infected_with_virus_please_clean. http://(\d{1,3}\.){3}\d{1,3}(:\d+)?/
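
A way to check what the pattern in the /spamfilter line above would and would not catch before a 1-day gline is attached to it. This is an added example, not part of the original thread. Python's `re` module stands in for the server's regex engine (an assumption), and the sample messages and their spam/benign labels are constructed.

```python
import re

# Pattern copied verbatim from the /spamfilter line in the post above.
PATTERN = re.compile(r"http://(\d{1,3}\.){3}\d{1,3}(:\d+)?/")

# Constructed samples: (name, message text, is_spam label chosen for this test).
# IPs are from documentation/private ranges, not real captures.
SAMPLES = [
    ("worm_spam", "..:: I'm infected with I-Worm.Blooger.A coded by CyBeR_AciD ::..http://192.0.2.15/", True),
    ("worm_spam_port", "..:: I'm infected ... ::..http://198.51.100.7:8080/x.exe", True),
    ("spam_no_trailing_slash", "..:: I'm infected ... ::..http://192.0.2.15", True),
    ("spam_https", "..:: I'm infected ... ::..https://203.0.113.9/", True),
    ("hostname_url", "docs are at http://www.example.org/help/", False),
    ("legit_ip_url", "my router admin page is http://192.168.0.1/", False),
    ("bogus_octets", "typo'd address http://999.999.999.999/", False),
]

def would_trigger(message):
    """True if the spamfilter pattern matches anywhere in the message."""
    return PATTERN.search(message) is not None

def evaluate(samples):
    """Return (false_positives, false_negatives) as lists of sample names."""
    false_pos, false_neg = [], []
    for name, text, is_spam in samples:
        hit = would_trigger(text)
        if hit and not is_spam:
            false_pos.append(name)      # benign user would be glined
        elif not hit and is_spam:
            false_neg.append(name)      # spam line would slip through
    return false_pos, false_neg

if __name__ == "__main__":
    for name, text, is_spam in SAMPLES:
        verdict = "GLINE" if would_trigger(text) else "pass"
        print(f"{verdict:5}  spam={is_spam!s:5}  {name}")
    fp, fn = evaluate(SAMPLES)
    print("false positives:", fp)
    print("false negatives:", fn)
```

The pattern requires a trailing `/` and a plain `http://` scheme, does not range-check octets, and matches any IP-literal URL regardless of who posts it.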
