Full Disclosure mailing list archives

Re: SoBig.F strange problem


From: Stephen Clowater <steve () stevesworld hopto org>
Date: Wed, 20 Aug 2003 11:26:05 -0300

I started getting 1000-2000 an hour yesterday. I just went to all the border
routers and put a filter on 25 to drop those connections and send a notice to
the From field of the SMTP query, and a QUIT to the mailserver it was
connecting to.

I'd recommend doing this; it's easy to do in FreeBSD. All my borders are
FreeBSD, so I haven't tried it on anything else yet :)

On August 19, 2003 06:24 pm, JT wrote:
Same here, just started getting hit about 2 hrs ago.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
Richard M. Smith
Sent: Tuesday, August 19, 2003 3:51 PM
To: 'Scott Phelps / Dreamwright Studios';
full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] SoBig.F strange problem


Hi Scott,

   >>> Is there some logical explanation why I'm being singled out here?


According to a news article on Sobig.F, the major innovation in this
version is that it is multi-threaded and sends out messages much
quicker.

My Email account is getting hit pretty badly also.  I'm getting 5 to 10
copies of Sobig every hour.

Richard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

*****************************************************************************
* Stephen Clowater

I fear explanations explanatory of things explained.

The 3 case C++ function to determine the meaning of life:

char *meaingOfLife(){

#ifdef _REALITY_
char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ?
                                                      /dev/null:/dev/random);
#endif

#ifdef _POLITICALY_CORRECT_
char *Meading_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom");
#endif

#ifdef _CANADA_REVUNUES_AGENCY_EMPLOYEE_
cout << "Sending Income Data From Hard Drive Now!\n";
System("dd if=/dev/urandom of=/dev/hda");
#endif

return Meaning_of_your_life;

}

*****************************************************************************

******************************************************************************
Stephen Clowater

BOFH Excuse #320:

You've been infected by the Telescoping Hubble virus.

*****************************************************************************