[Dshield] Upsurge in SoBig?

Johannes Ullrich jullrich at euclidian.com
Mon Sep 8 13:30:00 GMT 2003


I believe these Sobig bursts are caused by individual users.
Once Sobig picked your address as "From" address, it looks like
it sends all its e-mail with the same "From" address.

So if one infected user happens to send the virus using your
e-mail address as "From" address, you get a flood of bounces
and such until this user shuts down the system.



-- 
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------




