RE: Sobig.F style email with no attachments

From: Dowling, Gabrielle (dowlingg_at_sullcrom.com)
Date: 08/24/03

    Date: Sun, 24 Aug 2003 00:25:14 -0400
    To: "Rich Puhek" <rpuhek@etnsystems.com>, <incidents@securityfocus.com>
    
    

    According to an AV vendor who posted on AVIEN, 10 percent of the emails generated by Sobig do not include the infected attachment. I apologize that I do not recall the vendor name at the moment, but I can say we have been observing this same phenomenon....

    G

     -----Original Message-----
    From: Rich Puhek
    Sent: Sat Aug 23 16:53:24 2003
    To: incidents@securityfocus.com
    Subject: Sobig.F style email with no attachments

    I've been seeing a handful of emails that look a lot like Sobig.F (same
    or similar subjects, same body), but do not contain the attachment.

    Does anyone know what's going on? I'm thinking that either:

    1) Someone is using similar messages to probe email accounts

    2) A new version of Sobig is out (perhaps probing accounts first, then
    sending the payload later?)

    3) Something is broken with Sobig.F, causing it to fail to attach from
    time to time.

    I have several copies available if anyone is interested. I haven't
    dissected the headers, etc. to look for similarities or differences with
    Sobig.F messages.

    --Rich

    _________________________________________________________

    Rich Puhek
    ETN Systems Inc.
    2125 1st Ave East
    Hibbing MN 55746

    tel: 218.262.1130
    email: rpuhek@etnsystems.com
    _________________________________________________________

    ---------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
    technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
    ----------------------------------------------------------------------------

    **********************************************************************
    This e-mail is sent by a law firm and contains information
    that may be privileged and confidential. If you are not the
    intended recipient, please delete the e-mail and notify us
    immediately.
    ***********************************************************************
