RE: Sobig.F style email with no attachments

From: Bojan Zdrnja (Bojan.Zdrnja_at_LSS.hr)
Date: 08/24/03

    To: "'Rich Puhek'" <rpuhek@etnsystems.com>, <incidents@securityfocus.com>
    Date: Sun, 24 Aug 2003 15:25:47 +1200
    
    

    Yes, a lot of people got these.

    At the beginning I thought it was misconfigured anti-virus servers that
    were letting this through.

    But later it turned out that, in some number of cases, Sobig.F will simply
    send that e-mail message without the attachment.

    Regards,

    Bojan Zdrnja

    > -----Original Message-----
    > From: Rich Puhek [mailto:rpuhek@etnsystems.com]
    > Sent: Friday, 22 August 2003 3:20 a.m.
    > To: incidents@securityfocus.com
    > Subject: Sobig.F style email with no attachments
    >
    >
    > I've been seeing a handful of emails that look a lot like Sobig.F (same
    > or similar subjects, same body), but do not contain the attachment.
    >
    > Does anyone know what's going on? I'm thinking that either:
    >
    > 1) Someone is using similar messages to probe email accounts
    >
    > 2) A new version of Sobig is out (perhaps probing accounts first, then
    > sending the payload later?)
    >
    > 3) Something is broken with Sobig.F, causing it to fail to attach from
    > time to time.
    >
    > I have several copies available if anyone is interested. I haven't
    > dissected the headers, etc. to look for similarities or differences with
    > Sobig.F messages.
    >
    > --Rich
    >
    > _________________________________________________________
    >
    > Rich Puhek
    > ETN Systems Inc.
    > 2125 1st Ave East
    > Hibbing MN 55746
    >
    > tel: 218.262.1130
    > email: rpuhek@etnsystems.com
    > _________________________________________________________
