Security Basics mailing list archives

RE: SoBig and some info


From: "Matthew F. Caldwell" <mattc () guarded net>
Date: Fri, 22 Aug 2003 10:16:54 -0400

Kevin,

Most mail servers allow relaying from trusted host(s). Trust is gained
through a variety of mechanisms. The two primary ways of doing this are
Access Control List(s) and Authentication. This is done so internal
users can send mail from your organization's email addresses and your
personal email address. A lot of Exchange Servers allow this.

Matt

Matthew F. Caldwell, CISSP
Founder and CSO 
GuardedNet, Inc. 
www.guarded.net
mattc () guarded net

-----Original Message-----
From: Kevin Saenz [mailto:ksaenz () spinaweb com au] 
Sent: Thursday, August 21, 2003 6:56 PM
To: security-basics () securityfocus com
Subject: SoBig and some info

This current strain of SoBig seems to be smarter than before.
It seems to be grabbing real email addresses in people's Outlook
and using those as spoof accounts. The other thing I have found
is, if that is the case there are thousands of email servers
that are acting as open relays. Can anyone correct me if I am
wrong, I am pretty sure this is open to some hot debate. As my question
will be if email servers are not relaying then how can a virus transmit
spoofed email addresses?
I have seen emails bouncing back to me saying that an email from me is
possibly infected and contains an executable .pif. The header of the
email from me is Outlook version 6.x. The problem with that is, emails
100% of the time from me are sent by Evolution, a Linux email client.
This has been since Wed Night Australian time or Tuesday morning U.S.
time.


-- 
Regards,

Kevin Saenz
 
Spinaweb
I.T consultants
 
Ph: 02 4620 5130
Fax: 02 4625 9243
Mobile: 0418455661
Web: http://www.spinaweb.com.au
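
The relay decision described in the reply above (trust by Access Control List or by authentication), as an added example that is not part of either message or of any particular mail server's code. The domains, networks, addresses and function names are constructed for illustration; the model assumes the server accepts mail for its own domains from any host and does not consult the claimed sender address.

```python
import ipaddress

# Constructed sample policy: every name and value here is illustrative.
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]     # ACL: internal clients only
OPEN_RELAY_NETS = [ipaddress.ip_network("0.0.0.0/0")]   # misconfigured ACL: trusts everyone


def smtp_decision(client_ip, authenticated, mail_from, rcpt_to,
                  trusted_nets=TRUSTED_NETS):
    """Return 'deliver-local', 'relay' or 'reject' for one recipient.

    mail_from is taken as a parameter only to show that it is never
    consulted: the envelope sender is supplied by the client and is
    not evidence of trust in this model.
    """
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if rcpt_domain in LOCAL_DOMAINS:
        return "deliver-local"      # inbound mail for our own users, not relaying
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in trusted_nets):
        return "relay"              # trusted by authentication or by ACL
    return "reject"                 # untrusted host asking for a foreign recipient


# Constructed cases: (client_ip, authenticated, mail_from, rcpt_to)
CASES = [
    ("10.1.2.3",    False, "user@example.org",  "friend@example.net"),  # internal host
    ("203.0.113.9", True,  "user@example.org",  "friend@example.net"),  # roaming, logged in
    ("203.0.113.9", False, "user@example.org",  "friend@example.net"),  # outsider, foreign rcpt
    ("203.0.113.9", False, "other@example.org", "user@example.org"),    # outsider, local rcpt
]


def evaluate(trusted_nets):
    """Run every constructed case against one ACL and return the decisions."""
    return [smtp_decision(*case, trusted_nets=trusted_nets) for case in CASES]


if __name__ == "__main__":
    for label, nets in (("restricted", TRUSTED_NETS), ("open relay", OPEN_RELAY_NETS)):
        print(label, evaluate(nets))
```

Only the third case differs between the two ACLs, which is the request a relay test should see rejected.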

