Wednesday, 9. July 2003
If, like me, you are seeing an enormous amount of spam apparently coming from ADSL users in (oh, I don't know...) Canada, or Belgium, or Switzerland, or Mexico, or... well... you may be wondering why.
I must confess, until recently I was convinced that this was some piece of foolishness on the part of certain users of Microsoft operating systems along the lines of:
- user installs MS operating system
- and connects to ADSL service without any firewall
- and installs every piece of MS software he can find including things like personal web servers and maybe a proxy server
- ... result: a wide-open proxy for spammy to use
But then I got to thinking (don't know why this took so long): we are seeing a huge number of viruses at the moment (and blocking them all, thanks Trend), but they look different somehow. The payload is delivered as a .zip with the single exhortation, "please see attached file". What is the payload of these things (take Sobig.E as an example)?
Most AV vendors are strangely silent on the subject. They say how the virus propagates and that it will stop soon due to a hard-coded use-by date, but that is all. So I went for a Google, and I rather wish I hadn't...
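As an added illustration (not from the original post or from any AV vendor), here is a mail-gateway style check for the pattern described above: a ZIP attachment together with the "please see attached file" lure. The sample messages are constructed for the example, not real worm captures.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import List, Optional

# Body text the post says the Sobig.E mails carry; matched case-insensitively.
LURE_PHRASE = "please see attached file"
ZIP_TYPES = ("application/zip", "application/x-zip-compressed")


def zip_attachment_names(msg: EmailMessage) -> List[str]:
    """Return filenames of attachments that look like ZIP archives."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            names.append(name)
    return names


def body_text(msg: EmailMessage) -> str:
    """Plain-text body (falling back to HTML) or empty string if none."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return body.get_content() if body is not None else ""


def looks_like_sobig_lure(raw: bytes) -> bool:
    """True only when BOTH a ZIP attachment and the lure phrase are present."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    has_zip = bool(zip_attachment_names(msg))
    return has_zip and LURE_PHRASE in body_text(msg).lower()


def build_sample(body: str, attach_name: Optional[str]) -> bytes:
    """Construct a test message (placeholder bytes, not a real worm sample)."""
    msg = EmailMessage()
    msg["From"] = "someone@example.com"
    msg["To"] = "postmaster@example.org"
    msg["Subject"] = "Re: Your application"
    msg.set_content(body)
    if attach_name:
        msg.add_attachment(b"PK\x03\x04placeholder", maintype="application",
                           subtype="zip", filename=attach_name)
    return msg.as_bytes()


# Constructed samples: the lure, a zip-less mail with the same text, and an unrelated zip.
SAMPLE_LURE = build_sample("Please see attached file.", "your_details.zip")
SAMPLE_BENIGN = build_sample("Please see attached file.", None)
SAMPLE_OTHER_ZIP = build_sample("Minutes from today's meeting.", "minutes.zip")
```

Requiring both signals keeps a colleague who genuinely writes "please see attached file" above a PDF from being quarantined along with the worm traffic.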
- Sobig.a and the Spam You Received Today, by LURHQ Threat Intelligence Group
- Sobig.e - Evolution of the Worm, by LURHQ Threat Intelligence Group
Not a lot to add really. Need a sit down. And a chat with firewall dude (let me know if any of the stage 2 or 3 payloads actually made it inside our perimeter, which I kind of doubt, but it still makes me shudder thinking about it).
So long Internet. We hardly knew ye...
Category: Viruses and Worms