Weird to: addresses
Matt Kettler
mkettler at evi-inc.com
Wed Sep 27 22:13:25 IST 2006
Ugo Bellavance wrote:
> Hi,
>
> We are receiving a lot of messages for invalid, weird addresses,
> containing spaces and numbers, like this one:
>
> Milter: to=< 3 mcfarlandmcfarlandju at cmq.qc.ca>, reject=553 5.1.3
> invalid local part
>
> Anyone got these?
>
Yes. Constantly.
I've been getting dictionary attacks more-or-less constantly for 3 years or so
now. It seems to be a trend from the latest viruses to spend their spare time
trying to brute-force new addresses. At one point I configured a frequently hit
one to dump to a trap mailbox, and it was a mail-virus.
Some matching this pattern from today:
Sep 27 14:57:21 <sewereymnd at evi-inc.com>... User unknown
Sep 27 15:00:52 <biophysicalqueou at evi-inc.com>... User unknown
Sep 27 15:01:38 <biracialaje at evi-inc.com>... User unknown
Sep 27 15:03:05 <gasser at evi-inc.com>... User unknown
Sep 27 15:17:01 <vocwaxu at evi-inc.com>... User unknown
Sep 27 15:28:15 <generallyium at evitechnology.com>... User unknown
Sep 27 15:28:27 <leanestngltay at evitechnology.com>... User unknown
Sep 27 16:22:52 <skinnydutga at evitechnology.com>... User unknown
Sep 27 17:01:26 <fassociatedte at evi-inc.com>... User unknown
And one from last month:
Aug 27 04:23:11 <rescuedetbpga at evitechnology.com>... User unknown
And from January of this year:
Jan 2 04:20:44 <annunciatorsckaie at evitechnology.com>... User unknown
Amidst thousands per day.
More information about the MailScanner
mailing list