[Full-disclosure] Re: Anyone with experience w/VirtualMDA?

[Thierry Zoller]

Dear JP Garcia,

JG> All
JG> VirtualMDA seems to do is initiate a telnet session and immediately
JG> quit.  I figure that VirtualMDA does this periodically to log and allow
JG> people's dynamic IPs to connect to their servers.

I can confirm it DOES send spam at a rate which was far beyond my
expectations, at times the machine had 30 threads running connecting
to mta servers around the world delivering "Free L0ans" type of emails.

I can confirm:
- It delivers SPAM/UCE/UE.
- It reports to a master server and receives commands and emails.

Generic IDS fingerprints could be created by using the "from email"
field, but I haven't moved any further I just uninstalled and moved
along.

-- 
Thierry Zoller
http://www.sniff-em.com