Most of the time, a spammer connecting to the open proxy server will try to send an initial email in order to check how the proxy is working. This moment can be crucial if you want to fool him properly. Here is an example of a TCP session from a spammer who connected to my fake Web proxy (port 8080). You will see that he tried to bounce to an SMTP server (CONNECT ?.:25) and then tried to send an email. The body of the mail is quite ridiculous because it tries to fool a potential recipient of the email by saying that it’s for a meeting. Who could really think that such an email — sent over a TCP session on a lost proxy server — is a real one?
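A honeypot operator can triage sessions like the one described above automatically. The following Python sketch is an added example, not code from the original article: it takes the bytes a client sent to a fake proxy, flags a CONNECT to port 25 followed by SMTP commands, and extracts the envelope addresses. The session data, host names, addresses and the function name `classify_session` are constructed for illustration.

```python
import re

# Constructed sample of client-to-server bytes a fake proxy on port 8080
# might log. Hosts and addresses are placeholders, not values from the article.
SAMPLE_SESSION = (
    b"CONNECT mail.example.net:25 HTTP/1.0\r\n\r\n"
    b"HELO probe.example.org\r\n"
    b"MAIL FROM:<sender@example.org>\r\n"
    b"RCPT TO:<test-drop@example.com>\r\n"
    b"DATA\r\n"
    b"Subject: meeting\r\n\r\n"
    b"MAIL FROM:<decoy@example.org>\r\n"  # body text, must not be parsed
    b".\r\n"
    b"QUIT\r\n"
)

CONNECT_RE = re.compile(rb"^CONNECT\s+(\S+):(\d{1,5})\s+HTTP/\d\.\d\s*$", re.I)
ADDR_RE = re.compile(rb"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.I)
SMTP_PORTS = {25}  # assumption: only the port named in the text

def classify_session(raw: bytes) -> dict:
    """Summarise one logged proxy session for triage."""
    out = {"target": None, "smtp_relay_attempt": False,
           "mail_from": None, "rcpt_to": [], "data_sent": False}
    lines = raw.split(b"\r\n")
    m = CONNECT_RE.match(lines[0])
    if not m:
        return out  # not a CONNECT request
    port = int(m.group(2))
    out["target"] = (m.group(1).decode("ascii", "replace"), port)
    in_body = saw_smtp = False
    for line in lines[1:]:
        if in_body:  # skip the message body until the lone "."
            in_body = line != b"."
            continue
        cmd = line.strip().upper()
        if cmd[:4] in (b"HELO", b"EHLO"):
            saw_smtp = True
        elif cmd == b"DATA":
            out["data_sent"] = in_body = True
        elif (a := ADDR_RE.match(line)):
            saw_smtp = True
            addr = a.group(2).decode("ascii", "replace")
            if a.group(1).upper() == b"MAIL FROM":
                out["mail_from"] = addr
            else:
                out["rcpt_to"].append(addr)
    out["smtp_relay_attempt"] = port in SMTP_PORTS and saw_smtp
    return out
```

The recipient of the first test message is often the most useful field to keep, since it tends to be an address the sender controls for checking whether the proxy relays.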