RE: SoBig.F strange problem

["Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>]

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
> Steve Bremer
> Sent: Thursday, 21 August 2003 1:10 a.m.
> To: full-disclosure () lists netsys com
> Subject: RE: [Full-disclosure] SoBig.F strange problem
>
>
> > line). But it seems to be broken in other areas, I think I'm getting
>
> We've noticed a few problems with it as well.  We've received a few e-
> mails with one of the typical Sobig subject lines, only no 
> attachment.  The attachment headers are in the e-mail, so our MUA 
> thinks there is an attachment, but there is just no "body" to the 
> attachment.
>
> Either there are a few broken variants out there sending out e-mail 
> without the payload, or something in-between us and the sender is 
> stripping out the attachment.  It isn't our AV system, since it would 
> quarantine the entire message.
>
> Has anyone else experienced this?

I can confirm this. I can see same thing here, but only a small number of
e-mails.

I believe something in-between me and the sender is stripping out
attachments, as you said, but incorrectly so we're receiving those messages
without the attachment.

I probably don't have to mention specially all those MTA's which are sending
notifications back to (faked) senders.

OTOH, e-mail system stopped ~30.000 Sobig.F viruses in last 12 hours - it's
not bad.

Regards,

Bojan Zdrnja

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html