Re: [Full-Disclosure] SoBig.F strange problem
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] SoBig.F strange problem
- From: Nick FitzGerald <nick@virus-l.demon.co.uk>
- Date: Thu, 21 Aug 2003 12:16:12 +1200
Stephen Clowater <steve@stevesworld.hopto.org> joined the "Clueless in
Seattle" brigade with:
> I started getting 1000-2000 an hour yesterday, I just went to all the border
> routers and put a filter on 25 to drop those connections and send a notice to
> the From field of the smtp query, and a QUIT to the mailserver it was
> connecting to.
This virus, like nearly every vaguely "successful" self-mailing virus
for the last two or more years, forges the From: header _and_ the SMTP
envelope From:. Your "solution" is only adding to the problem by
increasing the unnecessary bandwidth needlessly used by this virus
_and_ confusing the hell out of a lot of perfectly innocent bystanders
you have now accused of being virus-infected.
> I'd recommend doing this, it's easy to do in FreeBSD, all my borders are
> FreeBSD so I haven't tried it on anything else yet :)
I'd recommend you pull your head out of your BSD (Big, Smelly, Dumb)
arse, pick up the clue-stick and beat yourself senseless with it. When
you come round, have your colleagues repeat the procedure on you.
Sheeesh...
Unix bigot "experts" -- it's a good thing for you Unix is not the
preferred OS on the Internet or yesterday's thread about clueless MCSEs
would have been about you and your buddy clueless UCSEs...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html