[Dshield] MyDoom Part 2

Micheal Patterson micheal at tsgincorporated.com
Tue Feb 3 23:00:37 GMT 2004


----- Original Message ----- 
From: "MH" <procana at insight.rr.com>
To: "General DShield Discussion List" <list at dshield.org>
Cc: <micheal at tsgincorporated.com>
Sent: Tuesday, February 03, 2004 4:32 PM
Subject: Re: [Dshield] MyDoom Part 2


> On Tue, Feb 03, 2004 at 11:53:44AM -0800, John Sage wrote:
>
> > I'd say 50% or more of the MyDoom-releated email I'm receiving is now
> > of the form:
> >
> > Date: Tue, 3 Feb 2004 18:02:51 +0100
> > From: Mail Delivery Subsystem <MAILER-DAEMON at mail6.mc2.net>
> > To: <alice at finchhaven.com>
> > Subject: Returned mail: see transcript for details
> > Auto-Submitted: auto-generated (failure)
> >
> > [-- Attachment #1 --]
> > [-- Type: text/plain, Encoding: 7bit, Size: 0.5K --]
> >
> > The original message was received at Tue, 3 Feb 2004 17:49:54 +0100
> > from mailrelay1.ornis.com [195.101.197.41]
> >
> >    ----- The following addresses had permanent fatal errors -----
> > <andrew at gallimard.fr>
> >     (reason: 550 RCPT TO:<andrew at gallimard.fr> User unknown)
> >
> >    ----- Transcript of session follows -----
> > ... while talking to [10.180.49.32]:
> > >>> RCPT To:<andrew at gallimard.fr>
> > <<< 550 RCPT TO:<andrew at gallimard.fr> User unknown
> > 550 5.1.1 <andrew at gallimard.fr>... User unknown
> >
> > /* snip */
> > - John
>
> Hi John,
>
> I added the first names contained in the virus code to
> the mta's blocked rcpt list.  My mta rejects the mail without ever
> putting it into queue.  This has really cut down on the amount of
> this stuff.
>
> Hope this helps,
> Mike

I thought that this one pulled it's names from the users address book or are
you just blocking the names based on what's been inbound to you?

--

Micheal Patterson
TSG Network Administration
405-917-0600

Confidentiality Notice:  This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.




More information about the list mailing list