The recent flood to rec.photo.digital, news.admin.net-abuse.email, rec.audio.pro,misc.legal

Hello,

It is with some regret that I am posting here to clarify a problem
that your newsgroup and I as the administrator of tsbbearings.net are
experiencing.

You are seeing a lot of annoying, nonsensical, very rude, explicit
post with the following headers:

Organization: TSB Bearings USA
X-Trace: tsbbearings.net 209.51.186.226
Original-NNTP-Posting-Host: 209.51.186.226
X-Complaints-To:
Lines: 61
Newsgroups: microsoft.public.test.here,rec.photo.digital
NNTP-Posting-Host: host32.200-117-180.telecom.net.ar 200.117.180.32

These posts did not originated for tsbbearings.net.
The IP in question is one of our web servers and does not accept or
propagate nntp connections at all. Port 119 is closed.

The person who is doing this is exploiting a computer that has been
compromised by a trojan. that computer is on a dynamic IP address that
belongs to telecom.net.ar. If you would like to compalint to them the
abuse address is:

I apologize for the disruption that has inadvertently been attributed
to my server.

 

I, for one, very much appreciate your courtesy in addressing this
issue.

 

Bowtie doesn't do anything inadvertently. You must have said
something to upset him.

--
gburnore at DataBasix dot Com
---------------------------------------------------------------------------
How you look depends on where you go.
---------------------------------------------------------------------------
Gary L. Burnore | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
Official .sig, Accept no substitutes. | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ 0 1 7 2 3 / Ý³Þ 3 7 4 9 3 0 Û³
Black Helicopter Repair Services, Ltd.| Official Proof of Purchase
===========================================================================

 

Could Lamie have done this?

 

Unfortunately, no, he’s far too stupid.

--
My little NANAE hangout: http://etaoin.zapto.org
To e-mail me KEEP THE ".nospam" portion of my address !!!

NSA snoop trigger: “When he was a kid, the president of the United Cigar
Stores liked to kill time by throwing water bombs at anthills”.

Have you hugged a cat today???

 

Is there anyway we can block his posts?
Dave Cohen

 

1. Ask your ISP to run cleanfeed, or get their feed from someone who does.

2. Put /^Path:*telecom.net.ar*/ in your killfile.
--scott

 

For me I found it a trivial exercise to simply delete them.

 

"Pete D" wrote ...

While most of the subject lines were clearly garbage, some of them
were realistic enought to fool me. The malware writers are getting
better (unfortunately :-(

 

I am not really sure what the idea of swamping a newsgroup with rubbish but
I guess they have a reason, they probably just need to take the red pill!

 

Further information with regard to the abusive messages posted here.

We have further determined that the posts trojan computer is being
controlled from a US IP address, 71.244.99.41, a Verizon wireless address as
well as 71.123.37.227, a Verizon non-wireless address.

A search has revealed previous posts from an individual to these groups, and
discussions are underway with administrators at Verizon to determine the
culprit involved. The trojan looks to have been shut down, however others
may be in place and so determining the exact source of the abuse is
continuing.

If anyone has further additional information we would be happy to receive
it.

 

I'd prefer that they take the Black Capsule.

 

Think they'd like a visit from Lt. Dish, do you?

 

Well, considering the personality of the average script kiddy, finding
themselves in the position of having to actually do something with a real
woman of that quality would be more likely to do them in than the toxin.

 

I take it as the equivalent of kicking over the privy back
in the Good Old Days (tm). They do it because they can without
being punished and relish the fact that we talk about them.

--- Paul J. Gans