RE: in case nobody else noticed it, there was a mail worm released today

[Removed per subscriber's request 06/23/09]

This lovely little worm will start beating on the door at www.sco.com come 
Feb 1/04. Interesting huh?

At 09:01 PM 26/01/2004 -0500, Wojtek Zlobicki wrote:

> The worm is being talked about on news.com and all the major virus vendors
> already have advisories on their websites. The worm in my case masqueraded
> as a Mailer Daemon bounce.  Source email address appeared to be valid and
> matching a domain of a website I visited recently (but have not for a long
> time).  Anyone know the worm generates the sending domain.
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Paul
> Vixie
> Sent: Monday, January 26, 2004 8:52 PM
> To: nanog@merit.edu
> Subject: in case nobody else noticed it, there was a mail worm released
> today
>
>
> my copies (500 or so, before i filtered) are in a ~7MB gzip'd mailbox file
> called http://sa.vix.com/~vixie/mailworm.mbox.gz (plz don't fetch that
> unless you need it for comparison or analysis).  there's a high degree of
> splay in the smtp/tcp peer address, and the sender is prepared to try backup
> MX's if the primary rejects it, though it appears to try the MX's in
> priority order.