On 10/26/2015 05:30 AM, Rich Kulawiec via Outages wrote:
I sent a message to the NANOG mail adminstration team asking them to throw the "emergency moderation" flag. This is a switch inside Mailman (the piece of software that runs the NANOG lists) which causes all incoming list traffic to be held for manual approval. When stuff like this happens, it's a fast way to stop the bleeding.
I've had no response to that and am also still (8:30 AM EDT) observing a steady flow of outbound spam via NANOG. Note that this is part of a much larger attack: so far, I've seen the same thing on about 15 other mailing lists. Whether all of these were launched by the same entity is unknown, but the patterns match quite closely, so that's certainly a possibility.
I looked at five or six to the Outages list yesterday in detail. After the appropriate wgets and less'es those all seemed to point back to avazunic [dot] com which is registered in -- wait for it -- CN... - John --