Monday, 4. August 2003
Behold Sobig.F ?
This worm just out. Not yet actually named "Sobig.F". But earlier Sobig variants were originally misnamed too...
Another .zip with a plausible sounding reason to open it.
I bet this is another multi stage trojan that installs a proxy or similar (no samples available here yet to test that hypothesis...).
Category: Viruses and Worms
Technorati: Viruses and Worms
Another .zip with a plausible sounding reason to open it.
I bet this is another multi stage trojan that installs a proxy or similar (no samples available here yet to test that hypothesis...).
Footnote 19 August 2003
It is now clear that this is not Sobig.F. The virus is way too dumb for that. We have no samples here and never will have, because this particular virus (actually Mimail.A) spoofs the sender address as admin@victims_domain, a pretty stupid thing to do.
Why? Because any well configured MTA will reject email where the sender envelope contains its local Internet domain.
Loads of bounces in our MTA logs though, for precisely that reason.
Category: Viruses and Worms
Technorati: Viruses and Worms
Comments :
1. Chris Linfoot04/08/2003 17:06:53
BBC says this about Mimail:
http://news.bbc.co.uk/1/hi/technology/3122633.stm
<fair use>However Mimail's text does leave a vital clue that it is a rogue e-mail - business e-mail accounts don't expire.</fair use>
Of course, we all know they do:
http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b8525689b005ba1c0/ba38cca14743380085256d7200452b13?OpenDocument
2. L Blen23/09/2003 14:52:24
What if this email comes with no subject nor anything in the body or message? I just get a blank email once per day. Only the sender email address is spoofed. Wierd aint it?
Unable to post a comment? Please read this for a possible explanation...
- 
