The worm pulls emails from files with these extensions (and maybe more) according to Trend: DBX HLP MHT WAB HTML HTM TXT EML Anybody who is infected and has email from you on their machine or your address in one of the file types listed above (for example - someone who reads these lists regularly) can be the source. It would be really nice if servers sent the received headers when bouncing a message. Matt -----Original Message----- From: wirepair [mailto:wirepairat_private] Sent: Tuesday, August 19, 2003 12:44 PM To: incidentsat_private Subject: lots of sobig virus emails. heh anyone else seeing this or am i being targeted. Getting a lot of bounce backs saying i'm sending off virii which is impossible because i'm not infected. It also looks like i'm getting a ton from 'security peoples' email addresses. sans/securityfocus.com/other people. Maybe someone released the virus using a list of people from security lists? -wire -- Visit Things From Another World for the best comics, movies, toys, collectibles and more. http://www.tfaw.com/?qt=wmf --------------------------------------------------------------------------- Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications - Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications - Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Aug 19 2003 - 21:18:34 PDT