North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Brace yourselves.. W32/Sobig-F about to mutate...
Just started getting it here...it came from a local Comcast cable user, and so overwhelmed the mail server, that SpamAssassin and qmail-scanner stopped scanning it. I had to nullroute that IP to stop it... it looks like this: Return-Path: <email@example.com> Delivered-To: firstname.lastname@example.org Received: (qmail 77869 invoked from network); 22 Aug 2003 17:39:16 -0000 Received: from unknown (HELO localhost) (220.127.116.11) by richard2.pil.net with SMTP; 22 Aug 2003 17:39:16 -0000 From: "Microsoft" <email@example.com> To: <firstname.lastname@example.org> Subject: Use this patch immediately ! MIME-Version: 1.0 Content-Type: multipart/mixed;boundary="xxxx" Parts/Attachments: 1 Shown 3 lines Text 2 9.6 KB Application 3 Shown 0 lines Text ---------------------------------------- Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now! More than 500.000 already infected! On Fri, 22 Aug 2003 Valdis.Kletnieks@vt.edu wrote: > A quick heads up, if anybody hasn't heard: > > At 1900GMT today, ET phones home, and picks up the next payload of > instructions. Nobody knows (yet) what they'll be, but SoBig-E erased itself, > put in a password grabber, and then installed a mail proxy for spammer use. > > This one *may* just play the theme song from Bozo the Clown and erase itself, > but I severely doubt it's gonna be that nice. > > http://www.f-secure.com/news/items/news_2003082200.shtml > > James Smallacombe PlantageNet, Inc. CEO and Janitor email@example.com http://3.am =========================================================================