Finally, there is a substantial decrease in Zombie originated spam from VOL’s residential ranges. This may be due to greater responsiveness on the part of Verizon. It may also be due (at least in part) to the increased awareness and greater use of AV scanners as a result of the latest Microsoft WMF exploit. At this time, we are tracking no zombies from Verizon space. If that continues, we will remove the advisory.
Since November 24, 2005, I have been trying to get Verizon to do something about this zombie which is a static IP address. Our numerous complaints remain unresolved, unanswered and, presumably, in Verizon’s “abuse department” black hole.
November 23, 2005:
On of my pet peeves with Verizon is Sky Advertising (18.104.22.168 – 22.214.171.124); all with forged headers (including HELO as recipient domain and random, non-existent sender). Clearly, a CanSpam violator. Now they are not only a criminal organization but their server is compromised (it has become a zombie). While not on most RBLs, blocking 126.96.36.199/28 is a very good idea.
Complaints to Verizon not only don’t get action; They are not even acknowledged.
Verizon has become heavily infiltrated with Zombies – primarily in dynamic space. Fortunately, Verizon has done one thing right by clearly identifying the vast majority of their dynamic hosts as “pool.*\.verizon\.net.
Verizon demonstrated leadership in blocking port 80 to prevent most of their residential customers from running web servers. Now they need to take it a step further by blocking port 25 except to their own mail servers.
If you are receiving spam from Verizon dynamic users, please correspond with firstname.lastname@example.org and reference this URL.