[Full-disclosure] Re: Anyone with experience w/VirtualMDA?
Thierry at sniff-em.com
Wed Mar 30 20:42:15 BST 2005
Dear JP Garcia,
JG> VirtualMDA seems to do is initiate a telnet session and immediately
JG> quit. I figure that VirtualMDA does this periodically to log and allow
JG> people's dynamic IPs to connect to their servers.
I can confirm it DOES send spam at a rate which was far beyond my
expectations, at times the machine had 30 threads running connecting
to mta servers around the world delivering "Free L0ans" type of emails.
I can confirm:
- It delivers SPAM/UCE/UE.
- It reports to a master server and receives commands and emails.
Generic IDS fingerprints could be created by using the "from email"
field, but I haven't moved any further I just uninstalled and moved
Full-Disclosure is hosted and sponsored by Secunia.