[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] SoBig.F strange problem
- To: "'Steve Bremer'" <steveb@nebcoinc.com>, <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] SoBig.F strange problem
- From: "Bojan Zdrnja" <Bojan.Zdrnja@LSS.hr>
- Date: Thu, 21 Aug 2003 15:04:07 +1200
> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com
> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
> Steve Bremer
> Sent: Thursday, 21 August 2003 1:10 a.m.
> To: full-disclosure@lists.netsys.com
> Subject: RE: [Full-Disclosure] SoBig.F strange problem
>
>
> > line). But it seems to be broken in other areas, I think I'm getting
>
> We've noticed a few problems with it as well. We've received a few e-
> mails with one of the typical Sobig subject lines, only no
> attachment. The attachment headers are in the e-mail, so our MUA
> thinks there is an attachment, but there is just no "body" to the
> attachment.
>
> Either there are a few broken variants out there sending out e-mail
> without the payload, or something in-between us and the sender is
> stripping out the attachment. It isn't our AV system, since it would
> quarantine the entire message.
>
> Has anyone else experienced this?
I can confirm this. I can see same thing here, but only a small number of
e-mails.
I believe something in-between me and the sender is stripping out
attachments, as you said, but incorrectly so we're receiving those messages
without the attachment.
I probably don't have to mention specially all those MTA's which are sending
notifications back to (faked) senders.
OTOH, e-mail system stopped ~30.000 Sobig.F viruses in last 12 hours - it's
not bad.
Regards,
Bojan Zdrnja
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html