Full Disclosure mailing list archives
RE: SoBig.F strange problem
From: "Ben Nelson" <lists () venom600 org>
Date: Wed, 20 Aug 2003 22:03:39 -0600
On August 20, 7:09 am "Steve Bremer" <steveb () nebcoinc com> wrote:
line). But it seems to be broken in other areas, I think I'm gettingWe've noticed a few problems with it as well. We've received a few e- mails with one of the typical Sobig subject lines, only no attachment. The attachment headers are in the e-mail, so our MUA thinks there is an attachment, but there is just no "body" to the attachment. Either there are a few broken variants out there sending out e-mail without the payload, or something in-between us and the sender is stripping out the attachment. It isn't our AV system, since it would quarantine the entire message. Has anyone else experienced this? Steve Bremer NEBCO, Inc. System & Security Administrator _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
I can confirm this behavior. On my production mail servers we have seen a lot of messages that meet the criteria you stated above. I think there are some mail clients out there that are resending the message but removing the file attachment. I've also seen quite a few messages that have what appears to be a truncated version of the malicious attachment or a replacement all-together (which contains a few lines of some random character strings). All told, in the last 4 hours we've 'quarantined' ~20,000 SoBig emails. --Ben _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SoBig.F strange problem Scott Phelps / Dreamwright Studios (Aug 19)
- RE: SoBig.F strange problem Richard M. Smith (Aug 19)
- RE: SoBig.F strange problem Scott Phelps / Dreamwright Studios (Aug 19)
- RE: SoBig.F strange problem Richard M. Smith (Aug 19)
- RE: SoBig.F strange problem Steve Bremer (Aug 20)
- RE: SoBig.F strange problem Marcus Graf (Aug 20)
- RE: SoBig.F strange problem Mike Vasquez (Aug 20)
- Re: SoBig.F strange problem Jeremiah Cornelius (Aug 20)
- Re: SoBig.F strange problem Scott M. Algatt (Aug 20)
- RE: SoBig.F strange problem Scott Phelps / Dreamwright Studios (Aug 19)
- RE: SoBig.F strange problem Bojan Zdrnja (Aug 20)
- RE: SoBig.F strange problem Ben Nelson (Aug 20)
- RE: SoBig.F strange problem Richard M. Smith (Aug 19)
- Re: SoBig.F strange problem Anthony Saffer (Aug 19)
- Re: SoBig.F strange problem Stephen Clowater (Aug 20)
- Re: SoBig.F strange problem felix . roennebeck (Aug 20)
- <Possible follow-ups>
- RE: SoBig.F strange problem Rainer Gerhards (Aug 19)
- RE: SoBig.F strange problem Denis Dimick (Aug 19)
- RE: SoBig.F strange problem Boyer Kristy (Aug 19)
- RE: SoBig.F strange problem Risser, Nathan (BLM) (Aug 19)
- RE: SoBig.F strange problem Bassett, Mark (Aug 19)