Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Brace yourselves.. W32/Sobig-F about to mutate...

  • From: up
  • Date: Fri Aug 22 14:28:28 2003

Just started getting it; it came from a local Comcast cable user,
and so overwhelmed the mail server that SpamAssassin and qmail-scanner
stopped scanning it.  I had to nullroute that IP to stop it...

It looks like this:

Return-Path: <>
Received: (qmail 77869 invoked from network); 22 Aug 2003 17:39:16 -0000
Received: from unknown (HELO localhost) (
  by with SMTP; 22 Aug 2003 17:39:16 -0000
From: "Microsoft" <>
To: <>
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx"
   1 Shown      3 lines  Text
   2          9.6 KB     Application
   3 Shown      0 lines  Text

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

On Fri, 22 Aug 2003 wrote:

> A quick heads up, if anybody hasn't heard:
> At 1900GMT today, ET phones home, and picks up the next payload of
> instructions.  Nobody knows (yet) what they'll be, but SoBig-E erased itself,
> put in a password grabber, and then installed a mail proxy for spammer use.
> This one *may* just play the theme song from Bozo the Clown and erase itself,
> but I severely doubt it's gonna be that nice.

James Smallacombe		      PlantageNet, Inc. CEO and Janitor	
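
An added example, not part of the original post: one way to find which connecting host is responsible for a flood of messages shaped like the sample above, so that it can be null-routed. It reads the peer address from qmail-style `Received:` headers; the addresses, the host name `mx.example.net`, the threshold and all function names are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# qmail-smtpd records the peer as: from <rdns> (HELO <name>) ([ident@]<ip>)
PEER_RE = re.compile(r"from \S+ \(HELO [^)]*\) \((?:[^@)]*@)?(\d{1,3}(?:\.\d{1,3}){3})\)")
LURE_SUBJECT = "Use this patch immediately !"  # subject shown in the post

def peer_ip(msg):
    """IP of the host that connected to our SMTP listener, or None."""
    for hdr in msg.get_all("Received", []):
        m = PEER_RE.search(" ".join(hdr.split()))  # unfold continuation lines
        if m:
            return m.group(1)
    return None

def matches_lure(msg):
    """Traits visible in the posted sample: null sender, subject, multipart/mixed."""
    return (msg.get("Return-Path", "").strip() == "<>"
            and msg.get("Subject", "").strip() == LURE_SUBJECT
            and msg.get_content_type() == "multipart/mixed")

def flooding_peers(raw_messages, threshold):
    """(ip, count) pairs for peers that sent at least `threshold` lure messages."""
    counts = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        ip = peer_ip(msg)
        if ip and matches_lure(msg):
            counts[ip] += 1
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

def sample_message(ip, subject=LURE_SUBJECT):
    # Constructed message; IPs are documentation ranges, host name is a placeholder.
    return (
        "Return-Path: <>\n"
        "Received: (qmail 77869 invoked from network); 22 Aug 2003 17:39:16 -0000\n"
        f"Received: from unknown (HELO localhost) ({ip})\n"
        "  by mx.example.net with SMTP; 22 Aug 2003 17:39:16 -0000\n"
        f"Subject: {subject}\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed;boundary="xxxx"\n'
        "\n--xxxx\n\nbody\n--xxxx--\n"
    )

SAMPLES = ([sample_message("192.0.2.10")] * 5
           + [sample_message("198.51.100.7"), sample_message("192.0.2.10", "hello")])

if __name__ == "__main__":
    print(flooding_peers(SAMPLES, threshold=3))
```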
