Heise Online Reveals Trojan / Spam Connection
yourruinreverse writes "Virus distributors have been caught red-handed selling IP addresses of trojan-infected machines by editors of the German IT magazine c't. Several individuals appear to have been arrested already after c't, revealing one of the virus writers' nationality as British, passed on the information to Scotland Yard. Check out the German article first, then its translation on Groklaw and maybe also the same translation posted in the English section of the Heise website (in order of appearance)."
Although not quite what you wanted, dshield has a page where you can see if your machine has been reported as scanning others.
They also have a banner you can add to your site that shows a warning if the viewer's IP is in the list. But I fear that people will ignore that and mistake it for the "Warning, your machine is broadcasting an IP..." ad that used to run.
Also check out mynetwatchman.
That's exactly what tools like nessus are for.
I'll bet dollars for doughnuts Comcast and Road Runner never see their own IPs when they do queries on that spammer's domain. I first learned of this trick from NANAE poster "Spamless," so you can look it up for a more thorough explanation (can't find it myself just now). The short story is that the spammer's DNS responds differently depending on the IP that makes the request. When the ISP checks those DNS records, they get something in South America, or China, or another ISP, anything other than them. The cable modem machine is just a proxy.
It takes a little more effort to track down what is going on, and large broadband ISPs' abuse desks are probably too swamped - which should be no excuse.
Beer wants to be free
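
An added example, not part of the original comments: a check an abuse desk could run for the behaviour described in the comment above, comparing the A records one domain returns to resolvers in different networks and flagging networks whose own addresses are served to others but never to themselves. The vantage names, address ranges and answers are constructed sample data.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real observations).
# Each vantage point is a resolver inside one network; the CIDRs are the
# address space that network's abuse desk is responsible for.
VANTAGE_NETWORKS = {
    "isp_a": ["198.51.100.0/24"],
    "isp_b": ["203.0.113.0/24"],
    "neutral": ["192.0.2.0/24"],
}
# A records returned for the same hypothetical domain, per vantage point.
OBSERVATIONS = {
    "isp_a": ["203.0.113.7", "203.0.113.99"],
    "isp_b": ["198.51.100.23", "198.51.100.41"],
    "neutral": ["198.51.100.23", "203.0.113.7"],
}

def owner_of(addr, networks):
    """Return the vantage point whose address space contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, cidrs in networks.items():
        if any(ip in ipaddress.ip_network(c) for c in cidrs):
            return name
    return None

def analyze(observations, networks):
    """Compare per-vantage answers for one domain.

    divergent:  answer sets differ between vantage points (also true for
                ordinary geo-DNS and CDNs, so not a signal on its own).
    self_blind: vantage points whose own addresses are handed out to
                others but never to themselves.
    """
    answer_sets = {v: set(a) for v, a in observations.items()}
    divergent = len({frozenset(s) for s in answer_sets.values()}) > 1
    self_blind = []
    for vantage in sorted(answer_sets):
        own_seen = {a for a in answer_sets[vantage]
                    if owner_of(a, networks) == vantage}
        seen_elsewhere = {a for v, s in answer_sets.items() if v != vantage
                          for a in s if owner_of(a, networks) == vantage}
        if seen_elsewhere and not own_seen:
            self_blind.append(vantage)
    return {"divergent": divergent, "self_blind": self_blind}

if __name__ == "__main__":
    print(analyze(OBSERVATIONS, VANTAGE_NETWORKS))
```

A network that shows up in `self_blind` should re-check the domain from a resolver outside its own address space before closing the complaint.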