RE: lots of sobig virus emails.

From: Adcock, Matt (Matt.Adcockat_private)
Date: Tue Aug 19 2003 - 20:38:38 PDT


    The worm pulls emails from files with these extensions (and maybe more)
    according to Trend:
    
    DBX 
    HLP 
    MHT 
    WAB 
    HTML 
    HTM 
    TXT 
    EML
    
    Anybody who is infected and has email from you on their machine or your
    address in one of the file types listed above (for example - someone who
    reads these lists regularly) can be the source.  It would be really nice if
    servers sent the received headers when bouncing a message.
    
    Matt
    
    -----Original Message-----
    From: wirepair [mailto:wirepairat_private] 
    Sent: Tuesday, August 19, 2003 12:44 PM
    To: incidentsat_private
    Subject: lots of sobig virus emails.
    
    heh, anyone else seeing this, or am I being targeted? Getting a lot of bounce
    backs saying I'm sending off viruses, which is impossible
    because I'm not infected. It also looks like I'm getting a ton from
    'security people's' email addresses:
    sans/securityfocus.com/other people. Maybe someone released the virus using
    a list of people from security lists?
    -wire
    --
    Visit Things From Another World for the best
    comics, movies, toys, collectibles and more.
    http://www.tfaw.com/?qt=wmf
    
    ---------------------------------------------------------------------------
    Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Automatically Control P2P, IM and Spam Traffic
     - Ensure Reliable Performance of Mission Critical Applications
     - Precisely Define and Implement Network Security and Performance Policies
    **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
    Visit us at: 
    http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814
    ----------------------------------------------------------------------------
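
Added example (not part of the original thread): when a bounce does return the original message or its headers, the Received chain can be read back to find the host that actually submitted the mail, which is the check the reply above wishes every bounce allowed. The sample bounce, all hosts and addresses, and the function name `received_chain` are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed bounce (RFC 3464 layout); every host and address here is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: list-reader@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Virus detected in your message; delivery refused.
--b1
Content-Type: text/rfc822-headers

Received: from mail.isp.example (mail.isp.example [192.0.2.10])
\tby mx.example.net with ESMTP; Tue, 19 Aug 2003 12:40:05 -0700
Received: from HOMEPC (dsl77.isp.example [203.0.113.77])
\tby mail.isp.example with SMTP; Tue, 19 Aug 2003 12:40:01 -0700
From: list-reader@example.org
To: someone@example.net
Subject: (constructed sample)

--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_chain(raw_bounce):
    """Relay IPs from the returned original, oldest hop first; [] if none was returned."""
    msg = email.message_from_string(raw_bounce, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # full original attached
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers":     # headers-only copy
            original = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        hits = (IP_RE.search(str(h)) for h in original.get_all("Received", []))
        # Each relay prepends its Received line, so reverse to get the first hop first.
        return [m.group(1) for m in hits if m][::-1]
    return []

if __name__ == "__main__":
    print(received_chain(SAMPLE_BOUNCE))
```

An empty list means the bouncing server returned no original headers, so the source cannot be traced from the bounce alone. Received lines older than the first relay you trust can be forged by the sender, so treat the hop recorded by that relay as the reliable one.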
    
    



    This archive was generated by hypermail 2b30 : Tue Aug 19 2003 - 21:18:34 PDT