Security Incidents mailing list archives
RE: Novarg
From: steve bernacki <virus () f copacetic net>
Date: Fri, 30 Jan 2004 11:17:43 -0500 (EST)
On Wed, 28 Jan 2004, Stephen Warren wrote: [snip]
I also have backup MX using DynDNS (www.dyndns.org). I notice that *all* the copies of the Novarg email are coming in via the backup MX, then being forwarded to my box, despite all other emails (spam, virii/worms and real stuff) all going direct to my box...
I don't recall which of the many recent mailer virii/worms also did this, but it was theorized that this was done intentionally under the hope that a site's backup MX server may not have the same level of A/V scanning that the primary has. Such a scenario could allow the virus to enter through the side door rather than the more heavily guarded main entrance. Steve --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Novarg - Stopping .Zip Files, (continued)
- Re: Novarg - Stopping .Zip Files Bill Pennington (Jan 28)
- RE: Novarg - Stopping .Zip Files Timmothy Posey (Jan 30)
- Re: Novarg - Stopping .Zip Files Alvin Mills (Jan 30)
- Re: Novarg - Stopping .Zip Files Bill Pennington (Jan 28)
- Re: Novarg Dave Laird (Jan 28)
- RE: Novarg Wayne S. Ackley (Jan 28)
- Re: Novarg James Riden (Jan 28)
- RE: Novarg Chris Aguilar (Jan 28)
- RE: Novarg Jeremy Strachan (Jan 28)
- RE: Novarg Stephen Warren (Jan 29)
- Re: Novarg Robin Sheat (Jan 30)
- RE: Novarg steve bernacki (Jan 30)
- Re: Novarg Skip Carter (Jan 30)
- RE: Novarg Duston Sickler (Jan 29)
- RE: Novarg sloppy seconds (Jan 30)
- RE: Novarg Stephen Warren (Jan 29)
- RE: Novarg Robert Morales (Jan 28)
- RE: Novarg Rickert Gerhard (rgerhard) (Jan 29)
- Re: Novarg Ivan Coric (Jan 29)
- RE: Novarg Jeremy Hyland (Jan 30)
- RE: Novarg Ivan Coric (Jan 30)
- Re: Novarg Steve Bremer (Jan 30)