Yes, a lot of people got these. At the beginning I thought it's misconfigured anti virus servers that are letting this through. But later it showed that in some number of cases, Sobig.F will simply send that e-mail message, without the attachment. Regards, Bojan Zdrnja > -----Original Message----- > From: Rich Puhek [mailto:rpuhekat_private] > Sent: Friday, 22 August 2003 3:20 a.m. > To: incidentsat_private > Subject: Sobig.F style email with no attachments > > > I've been seeing a handful of emails that look a lot like > Sobig.F (same > or similar subjects, same body), but do not contain the attachment. > > Does anyone know what's going on? I'm thinking that either: > > 1) Someone is using similar messages to probe email accounts > > 2) A new version of Sobig is out (perhaps probing accounts > first, then > sending the payload later?) > > 3) Something is broken with Sobig.F, causing it to fail to > attach from > time to time. > > I have several copies available if anyone is interested. I haven't > dissected the headers, etc. to look for similarities or > differences with > Sobig.F messages. > > --Rich > > _________________________________________________________ > > Rich Puhek > ETN Systems Inc. > 2125 1st Ave East > Hibbing MN 55746 > > tel: 218.262.1130 > email: rpuhekat_private > _________________________________________________________ > > > -------------------------------------------------------------- > ------------- > Attend Black Hat Briefings & Training Federal, September > 29-30 (Training), > October 1-2 (Briefings) in Tysons Corner, VA; the world's premier > technical IT security event. Modeled after the famous Black > Hat event in > Las Vegas! 6 tracks, 12 training sessions, top speakers and > sponsors. > Symantec is the Diamond sponsor. Early-bird registration > ends September 6.Visit us: www.blackhat.com > -------------------------------------------------------------- > -------------- > --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Aug 26 2003 - 08:19:19 PDT