North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Brace yourselves.. W32/Sobig-F about to mutate...
- From: up
- Date: Fri Aug 22 14:28:28 2003
Just started getting it here...it came from a local Comcast cable user,
and so overwhelmed the mail server, that SpamAssassin and qmail-scanner
stopped scanning it. I had to nullroute that IP to stop it...
it looks like this:
Received: (qmail 77869 invoked from network); 22 Aug 2003 17:39:16 -0000
Received: from unknown (HELO localhost) (188.8.131.52)
by richard2.pil.net with SMTP; 22 Aug 2003 17:39:16 -0000
From: "Microsoft" <email@example.com>
Subject: Use this patch immediately !
1 Shown 3 lines Text
2 9.6 KB Application
3 Shown 0 lines Text
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
On Fri, 22 Aug 2003 Valdis.Kletnieks@vt.edu wrote:
> A quick heads up, if anybody hasn't heard:
> At 1900GMT today, ET phones home, and picks up the next payload of
> instructions. Nobody knows (yet) what they'll be, but SoBig-E erased itself,
> put in a password grabber, and then installed a mail proxy for spammer use.
> This one *may* just play the theme song from Bozo the Clown and erase itself,
> but I severely doubt it's gonna be that nice.
James Smallacombe PlantageNet, Inc. CEO and Janitor