Re: Latest Worm - Why such a flood?

From: Casper H.S. Dik (Casper.Dik_at_Sun.COM)
Date: 09/20/03


Date: 20 Sep 2003 10:53:12 GMT


"Dave" <dave@nospam.com> writes:

>This latest worm W32.Swen.A@mm (aka W32/Gibe-F ) is a thousand times worse
>than anything I've ever seen. I'm getting a steady stream of about a
>hundred an hour into my public mailbox. My ISP had to cut off all incoming
>messages, because the box now has over 1300 messages, all with 100KB
>attachments. If this is typical, the internet must be clogged with billions
>of these messages.

It's not typical; but I guess we're members of the same select club
(posting to usenet seems to easily earn you such membership).

I'm also at about 100/hour; peaking at around 150/hour last night.

Unfortunately, the virus filter vendors have not yet gotten the smarts
in their filters to drop the "virus generated" message.

>The message headers are faked, but it seems that with this many emails, they
>should be able to locate the sources by just looking at the traffic
>patterns. Most of mine are coming via addresses in Europe.

I haven't looked at the origins closely, but they seem to be from
everywhere.

Casper

-- 
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

