[Dshield] Upsurge in SoBig?

John D. lists at webcrunchers.com
Mon Sep 8 00:42:08 GMT 2003


One of the things we really want,  is to find someone infected that previously sent me a copy of the Sobig,   then get them to send me another message from their machine so we can compare the mail headers,  which is going to give us a good idea of how to fingerprint the proxy servers they install on infected machines.   With this informaion,  we should be able to identify without a doubt if this was a proxy installed through the proxy or virus.

With this fingerprint info,  we can then identiify spam channelled through this method.

John





More information about the list mailing list