[Dshield] Upsurge in SoBig?
lists at webcrunchers.com
Mon Sep 8 00:42:08 GMT 2003
One of the things we really want, is to find someone infected that previously sent me a copy of the Sobig, then get them to send me another message from their machine so we can compare the mail headers, which is going to give us a good idea of how to fingerprint the proxy servers they install on infected machines. With this informaion, we should be able to identify without a doubt if this was a proxy installed through the proxy or virus.
With this fingerprint info, we can then identiify spam channelled through this method.
More information about the list