On 04/01/11 04:04, Ken Chase wrote:
I have two independent mailservers, and two other customers that run their own servers, all largely unrelated infrastructures and target domains, suddenly experiencing low levels of spam.
Connection and rejection counts have been going bonkers of late for me. I run filters for a number of small businesses so I don't see huge amounts of traffic, but it's usually fairly regular in volume of mail and rejected attempts. Leading up to the 21st of December, it was fairly level but low at 60-90% normal volume of rejections per day, then the 22nd went to 200% followed by a low of 30-50% normal for 23-29th. On the 30th through the 1st of Jan, the Storm? bot went nuts and rejections went to at least 500% normal (entirely on cheap checks - HELO, rDNS). After that, I had to go double check the mail servers were actually running all the time as rejection counts hit 2-10% normal. I haven't seen an obvious Storm bot type connection since. Did someone kill the botnet? Or have the virus writers finally decided to change tack? Or have they hunted out all the servers that reject every single attempt and no longer send to them? The only thing I can be certain of is that they'll be back and my spam levels will be back to normal sometime soon.