According to an av vendor who posted on AVIEN, 10 percent of the emails generated by sobig do not include the infected attachment. I apologize that I do not recall the vendor name at the moment, but I can say we have been obseving this same phenomenon.... G -----Original Message----- From: Rich Puhek Sent: Sat Aug 23 16:53:24 2003 To: incidentsat_private Subject: Sobig.F style email with no attachments I've been seeing a handful of emails that look a lot like Sobig.F (same or similar subjects, same body), but do not contain the attachment. Does anyone know what's going on? I'm thinking that either: 1) Someone is using similar messages to probe email accounts 2) A new version of Sobig is out (perhaps probing accounts first, then sending the payload later?) 3) Something is broken with Sobig.F, causing it to fail to attach from time to time. I have several copies available if anyone is interested. I haven't dissected the headers, etc. to look for similarities or differences with Sobig.F messages. --Rich _________________________________________________________ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: rpuhekat_private _________________________________________________________ --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- ********************************************************************** This e-mail is sent by a law firm and contains information that may be privileged and confidential. If you are not the intended recipient, please delete the e-mail and notify us immediately. *********************************************************************** --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Aug 26 2003 - 08:18:15 PDT