[Dshield] MyDoom Part 2

Micheal Patterson micheal at tsgincorporated.com
Tue Feb 3 18:41:46 GMT 2004

Has anyone been able to do any type of assessment on how much of an increase
of internet traffic has resulted from the MyDoom variants? Another thing
that came to mind today, has anyone considered how their own MTA's while
protecting their network extremely well against the onslaught of virus
infected email, is in fact, assisting the author to spread this thing? It
just occured to me, while going through my postmaster email, that we are all
doing precisely that. Most MTA's, Sendmail, qmail, etc, are configured to
bounce the original message to the sender upon non delivery. This includes
the infected attachment in the event that the MTA isn't scanning for
virus/trojan software. One in particular that caught my attention was Qmail.
You know, with it's friendly "Hi. This is the qmail-send program at @host@".
If these MTA's are detecting this thing, they're just passing it along to
the innocent.


Micheal Patterson
TSG Network Administration

Confidentiality Notice:  This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original

More information about the list mailing list