Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>

Sobig load is increasing: over the past 15 hours I've received 52 copies in my inbox, up from yesterday's 47 in 20 hours (and, as previously noted, well exceeding the previous record for Klez at its height). (On the slightly bright side, spammers seem to have been affected: other spam seems slightly down today :-)

As noted, Sobig uses its own SMTP engine, and spoofs both the From and Return-Path headers on a random basis, so that is no indication. Most subject lines I have received have been:

    Your details
    Re: Re: My details
    Thank you!
    Re: Thank you!
    Re: That movie
    Re: Your application
    Re: Approved
    Re: Wicked screensaver

Others may be found in the lists and detailed descriptions at the URLs below.

However, the message body is always "Please see the attached file for details." so that is a reliable indicator. In addition, I've had a look at more headers, and the following two seem to appear in every copy I've received:

    X-MailScanner: Found to be clean
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000

Once again, *PLEASE* spread the word: DO NOT OPEN ATTACHMENTS. If in doubt, don't. Sobig uses no special technology beyond this rather simplistic social engineering.

(Can anyone tell me: is there any content scanner lazy enough to be bypassed by the X-MailScanner header?)

http://www.sophos.com/virusinfo/analyses/w32sobigf.html
http://www.f-secure.com/v-descs/sobig_f.shtml

====================== (quote inserted randomly by Pegasus Mailer)
rsladeat_private sladeat_private rsladeat_private
If you like laws and sausage, you should never watch either being made. - Otto von Bismarck
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
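The indicators described in the post above, applied to raw messages in Python. This is an added example, not code from the original message; the scoring rule in `is_suspect`, the helper names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the post; the scoring rule below is this example's assumption.
SOBIG_BODY = "Please see the attached file for details."
SOBIG_HEADERS = {
    "X-MailScanner": "Found to be clean",
    "X-Mailer": "Microsoft Outlook Express 6.00.2600.0000",
}

def sobig_indicators(raw: bytes) -> list:
    """Return which of the post's indicators appear in one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for name, value in SOBIG_HEADERS.items():
        # Sender-supplied headers are evidence only, never a reason to skip scanning.
        if any(str(v).strip() == value for v in msg.get_all(name, [])):
            hits.append(name)
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip() == SOBIG_BODY:
        hits.append("body")
    if any(part.get_filename() for part in msg.iter_attachments()):
        hits.append("attachment")
    return hits

def is_suspect(raw: bytes) -> bool:
    """Assumed rule: the fixed body text plus any attachment. From and
    Return-Path are never consulted because the post says both are spoofed."""
    hits = sobig_indicators(raw)
    return "body" in hits and "attachment" in hits

def constructed_message(body: str, headers: dict, attach: bool) -> bytes:
    """Build a constructed test message (not a captured sample)."""
    msg = EmailMessage()
    msg["From"] = "someone@example.org"      # constructed address
    msg["Subject"] = "Re: Approved"
    for name, value in headers.items():
        msg[name] = value
    msg.set_content(body)
    if attach:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename="constructed.bin")
    return msg.as_bytes()

if __name__ == "__main__":
    sample = constructed_message(SOBIG_BODY, SOBIG_HEADERS, attach=True)
    print(sobig_indicators(sample), is_suspect(sample))
```

A message that carries only the `X-MailScanner: Found to be clean` header is reported as one indicator and is still scanned like any other mail; the header never counts as proof of a clean message.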
This archive was generated by hypermail 2b30 : Fri Aug 22 2003 - 05:10:06 PDT