North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Brace yourselves.. W32/Sobig-F about to mutate...
Just started getting it here...it came from a local Comcast cable user, and so overwhelmed the mail server, that SpamAssassin and qmail-scanner stopped scanning it. I had to nullroute that IP to stop it... it looks like this: Return-Path: <[email protected]> Delivered-To: [email protected] Received: (qmail 77869 invoked from network); 22 Aug 2003 17:39:16 -0000 Received: from unknown (HELO localhost) (68.32.237.213) by richard2.pil.net with SMTP; 22 Aug 2003 17:39:16 -0000 From: "Microsoft" <[email protected]> To: <[email protected]> Subject: Use this patch immediately ! MIME-Version: 1.0 Content-Type: multipart/mixed;boundary="xxxx" Parts/Attachments: 1 Shown 3 lines Text 2 9.6 KB Application 3 Shown 0 lines Text ---------------------------------------- Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now! More than 500.000 already infected! On Fri, 22 Aug 2003 [email protected] wrote: > A quick heads up, if anybody hasn't heard: > > At 1900GMT today, ET phones home, and picks up the next payload of > instructions. Nobody knows (yet) what they'll be, but SoBig-E erased itself, > put in a password grabber, and then installed a mail proxy for spammer use. > > This one *may* just play the theme song from Bozo the Clown and erase itself, > but I severely doubt it's gonna be that nice. > > http://www.f-secure.com/news/items/news_2003082200.shtml > > James Smallacombe PlantageNet, Inc. CEO and Janitor [email protected] http://3.am =========================================================================
|