RE: lots of sobig virus emails.

From: Adcock, Matt (Matt.Adcock_at_gsccca.org)
Date: 08/20/03

  • Next message: Brian Benitez: "Re: possible 0-day exploit for latest Real-/Helixserver 9.0.2.794"
    To: 'wirepair' <wirepair@roguemail.net>, incidents@securityfocus.com
    Date: Tue, 19 Aug 2003 23:38:38 -0400
    
    

    The worm pulls emails from files with these extensions (and maybe more)
    according to Trend:

    DBX
    HLP
    MHT
    WAB
    HTML
    HTM
    TXT
    EML

    Anybody who is infected and has email from you on their machine or your
    address in one of the file types listed above (for example - someone who
    reads these lists regularly) can be the source. It would be really nice if
    servers sent the received headers when bouncing a message.

    Matt

    -----Original Message-----
    From: wirepair [mailto:wirepair@roguemail.net]
    Sent: Tuesday, August 19, 2003 12:44 PM
    To: incidents@securityfocus.com
    Subject: lots of sobig virus emails.

    Heh, anyone else seeing this or am I being targeted? Getting a lot of bounce
    backs saying I'm sending off viruses, which is impossible
    because I'm not infected. It also looks like I'm getting a ton from
    'security peoples' email addresses:
    sans/securityfocus.com/other people. Maybe someone released the virus using
    a list of people from security lists?
    -wire

    --
    Visit Things From Another World for the best
    comics, movies, toys, collectibles and more.
    http://www.tfaw.com/?qt=wmf
    ---------------------------------------------------------------------------
    Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Automatically Control P2P, IM and Spam Traffic
     - Ensure Reliable Performance of Mission Critical Applications
     - Precisely Define and Implement Network Security and Performance Policies
    **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
    Visit us at: 
    http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814
    ----------------------------------------------------------------------------
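
Matt's point about bounces that carry the Received headers, shown as an added example (not part of the original thread): when a bounce returns the original headers, the oldest Received line names the host that actually handed the forged message to the first mail server. The sample bounce, host names and addresses are constructed, and the function names are hypothetical.

```python
import email
import re

# Constructed sample: a bounce that returns the original headers (RFC 3462 style).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.example.com
To: victim@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed: message contained a virus.
--b1
Content-Type: text/rfc822-headers

Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.com with ESMTP; Tue, 19 Aug 2003 12:40:02 -0400
Received: from LAPTOP7 (dsl45.example.net [203.0.113.45])
\tby mx.example.net with SMTP; Tue, 19 Aug 2003 12:40:00 -0400
From: victim@example.org
Subject: Re: Details
--b1--
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_headers(bounce_text):
    """Return the original message (or its headers) carried in a bounce, else None."""
    for part in email.message_from_string(bounce_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":     # headers only
            return email.message_from_string(part.get_payload())
    return None

def received_chain(bounce_text):
    """List (ip, unfolded header) per Received line, oldest hop first."""
    original = returned_headers(bounce_text)
    if original is None:
        return []  # bounce dropped the headers: nothing to trace
    hops = []
    for raw in reversed(original.get_all("Received", [])):
        m = IP_IN_BRACKETS.search(raw)  # hops below the first trusted server may be forged
        hops.append((m.group(1) if m else None, " ".join(raw.split())))
    return hops
```

In the sample, the From line names victim@example.org, but the oldest hop is 203.0.113.45, the machine that submitted the message.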
    
