Full Disclosure mailing list archives
Re: SoBig.F strange problem
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 21 Aug 2003 12:16:12 +1200
Stephen Clowater <steve () stevesworld hopto org> joined the "Clueless in Seattle" brigade with:
I started getting 1000-2000 an hour yesterday, I just went to all the border routers and put a filter on 25 to drop those connections and send a notice to the From feild of the smtp query, and a QUIT to the mailserver it was connecting to.
This virus, like nearly every vaguely "successful" self-mailing virus for the last two or more years forges the From: header _and_ the SMTP envelope From:. Your "solution" is only adding to the problem by increasing the unnecessary bandwidth needlessly used by this virus _and_ confusing the hell out of a lot of perfectly innocent bystanders you have now accused of being virus-infected.
I'd recomend doing this, its easy to do in freeBSD, all my borders are freeBSD so I havent tried it on anything else yet :)
I'd recommend you pull your head out of your BSD (Big, Smelly, Dumb) arse, pick up the clue-stick and beat yourself senseless with it. When you come round, have your colleagues repeat the procedure on you. Sheeesh... Unix bigot "experts" -- it's a good thing for you Unix is not the preferred OS on the Internet or yesterday's thread about clueless MCSEs would have been about you and your buddy clueless UCSEs... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: SoBig.F strange problem, (continued)
- RE: SoBig.F strange problem Rainer Gerhards (Aug 19)
- RE: SoBig.F strange problem Denis Dimick (Aug 19)
- RE: SoBig.F strange problem Boyer Kristy (Aug 19)
- RE: SoBig.F strange problem Risser, Nathan (BLM) (Aug 19)
- RE: SoBig.F strange problem Bassett, Mark (Aug 19)
- RE: SoBig.F strange problem Nick FitzGerald (Aug 19)
- RE: SoBig.F strange problem Ferris, Robin (Aug 20)
- RE: SoBig.F strange problem Schmehl, Paul L (Aug 20)
- Re: SoBig.F strange problem Stephen Clowater (Aug 20)
- Re: [fd] Re: SoBig.F strange problem Mike Vasquez (Aug 20)
- Re: SoBig.F strange problem Nick FitzGerald (Aug 20)
- RE: SoBig.F strange problem Bassett, Mark (Aug 20)
- RE: SoBig.F strange problem Dowling, Gabrielle (Aug 20)
- RE: SoBig.F strange problem Rainer Gerhards (Aug 19)