So far I have not seen one case of someone I know informing me that I
have sent a message to them with a virus included. They have all been from strangers,
which is one reason they get trapped by my filters.
As best I can tell, all the to and from addresses are randomly selected.
Cheers...\Ste
See below;-)...\Stef
At 0:52 +0100 8/31/03, Tim Chown wrote:
>On Sat, Aug 30, 2003 at 05:25:19PM -0400, Dean Anderson wrote:
> >
> > The Virus writer obviously went to some trouble to pick valid addresses.
> > It stands to reason that they expect that someone is getting mail to these
> > addresse
On Sat, 30 Aug 2003 00:00:45 EDT, shogunx said:
> On Sat, 30 Aug 2003, Dean Anderson wrote:
>
> > Open source kernels aren't immune. They just aren't at focus this time.
>
> If a worm is executing visual basic code, then i think i am pretty darn
> immune.
Google for the Lion worm, and quit smirk
On Sun, 31 Aug 2003, Tim Chown wrote:
> On Sat, Aug 30, 2003 at 05:25:19PM -0400, Dean Anderson wrote:
> >
> > The Virus writer obviously went to some trouble to pick valid addresses.
> > It stands to reason that they expect that someone is getting mail to these
> > addresses. It also stands to
On Sun, 31 Aug 2003 [EMAIL PROTECTED] wrote:
> On Sat, 30 Aug 2003 00:00:45 EDT, shogunx said:
> > On Sat, 30 Aug 2003, Dean Anderson wrote:
> >
> > > Open source kernels aren't immune. They just aren't at focus this time.
> >
> > If a worm is executing visual basic code, then i think i am pretty
On Sat, 30 Aug 2003, Dean Anderson wrote:
> Open source kernels aren't immune. They just aren't at focus this time.
If a worm is executing visual basic code, then i think i am pretty darn
immune.
>
> Have fun with the sandwich. ;-)
>
It was wonderful.
> --Dean
>
> On Fri, 29 Aug
On Sat, Aug 30, 2003 at 05:25:19PM -0400, Dean Anderson wrote:
>
> The Virus writer obviously went to some trouble to pick valid addresses.
> It stands to reason that they expect that someone is getting mail to these
> addresses. It also stands to reason that the abuser expects those persons
> to
Open source kernels aren't immune. They just aren't at focus this time.
Have fun with the sandwich. ;-)
--Dean
On Fri, 29 Aug 2003, shogunx wrote:
> On Sat, 30 Aug 2003, Dean Anderson wrote:
>
> How beautiful to be immune behind an open-source kernel;) The rest of the
> world w
On Sat, 30 Aug 2003, Dean Anderson wrote:
How beautiful to be immune behind an open-source kernel;) The rest of the
world worries. I eat a sandwich.
Scott
>
>
> On Fri, 29 Aug 2003, David Frascone wrote:
>
> > With the current virii usually forging the from field with random
> > addresses fro
On Fri, 29 Aug 2003, David Frascone wrote:
> With the current virii usually forging the from field with random
> addresses from its victim's address book, I turned off my virus
> scanner's warning to the senders . . I only send a polite note to the
> intended recipient.
Don't do that. That is q
> From: "Christian Huitema" <[EMAIL PROTECTED]>
> ...
> Yes. Maybe not a full MTA, but definitely enough to format messages and
> execute SMTP. ...
What do you mean by "execute SMTP"? Does it interpret and respond to
SMTP response codes to its SMTP commands or just open a TCP connection
and send
>> By the way, the worm does not only include its own SMTP service. It
>> seems to also include its own DNS code, probably in order to get the
MX
>> records of its targets. This DNS agent is parameterized to start any
>> look-up at the A-root, with the side effect of overloading this root
>> server
Christian Huitema wrote:
>By the way, the worm does not only include its own SMTP service. It
>seems to also include its own DNS code, probably in order to get the MX
>records of its targets. This DNS agent is parameterized to start any
>look-up at the A-root, with the side effect of overloading th
>> >> Can't we just hack the mailman configs to dump mails with X-sender
>> value
>> >> of outlook or outlook express? That would solve the problem, no;)
>> >
>> > Well, the only problem with that idea is that we explicitly do
*NOT*
>> have > a "Your clue must be ->THIS<- tall to ride the IETF li
On Fri, 29 Aug 2003, Christian Huitema wrote:
> >> Can't we just hack the mailman configs to dump mails with X-sender
> value
> >> of outlook or outlook express? That would solve the problem, no;)
> >
> > Well, the only problem with that idea is that we explicitly do *NOT*
> have > a "Your clue m
>> Can't we just hack the mailman configs to dump mails with X-sender
value
>> of outlook or outlook express? That would solve the problem, no;)
>
> Well, the only problem with that idea is that we explicitly do *NOT*
have > a "Your clue must be ->THIS<- tall to ride the IETF list"
policy... ;)
> I still say we should have put this in the "security considerations" in RFC1341:
It's pretty difficult to miss the ones that are already there - which certainly
would have been sufficient to stop Sobig had they been heeded.
On Thu, 28 Aug 2003 22:14:26 EDT, shogunx said:
> Can't we just hack the mailman configs to dump mails with X-sender value
> of outlook or outlook express? That would solve the problem, no;)
Well, the only problem with that idea is that we explicitly do *NOT* have a
"Your clue must be ->THIS<- ta
Can't we just hack the mailman configs to dump mails with X-sender value
of outlook or outlook express? That would solve the problem, no;)
Scott
On Fri, 29 Aug 2003 [EMAIL PROTECTED] wrote:
> On Fri, 29 Aug 2003 19:30:44 CDT, David Frascone <[EMAIL PROTECTED]> said:
>
> > 'course, I probably
On Fri, 29 Aug 2003 19:30:44 CDT, David Frascone <[EMAIL PROTECTED]> said:
> 'course, I probably get 25 e-mails a day telling me that I sent someone
> Sobig, which would be pretty impressive, since I run Suse :)
I should be so lucky. I'm averaging almost that many AV-scanner alerts bouncing
to
With the current virii usually forging the from field with random
addresses from its victim's address book, I turned off my virus
scanner's warning to the senders . . I only send a polite note to the
intended recipient.
Responding to virii, or warning users that they are infected is a waste
of tim
The from address is typically forged, but seems to be frequently be real
addresses.
I've been getting quite a large number of virus disinfection replies to
various addresses that come to me. (Quite odd, too, since some of the
addresses being used haven't been used for 10 years, but are still
forw
Title: Bericht
All,
Today I recieved 2
mails with the following subjects:
Wicked
screensaver
Thank
you!
The sender was [EMAIL PROTECTED], according to the
header.
This may indicate
that this ietf mailinglist is infected with the sobig f
virus.
I recommend that all
the participi
23 matches
Mail list logo