[Dshield] vunerability windows

John Sage jsage at finchhaven.com
Fri Feb 6 21:32:28 GMT 2004


On Fri, Feb 06, 2004 at 03:21:47PM +0100, Stephane Grobety wrote:
> Date: Fri, 06 Feb 2004 15:21:47 +0100
> From: Stephane Grobety <security at admin.fulgan.com>
> To: General DShield Discussion List <list at dshield.org>
> Subject: Re: [Dshield] vunerability windows
> 
> > I was wondering what peoples ideas were on how to mimise the
> > windows.
> Quarantine every attachement and don't deliver it to the user
> before enough time has elapsed (2-3 days seems enough so far).
> 
> > The other day I wondered why anti-virus vendors arent getting into
> > mail clients.
> 
> They might not get into mail client software writing, but they sure
> are getting into MY mail client... I'm bing mail-bombed by their "you
> have sent a virus to our server, blah, blah" messages...

Some rough statistics here:

[jsage at sparky ~/Mail] $ ls -la MyDoom
-rw-------    1 jsage    jsage    20836080 Feb  6 04:08 MyDoom


---Mutt: =MyDoom [Msgs:820 New:62 Old:510 Post:1 19M]---


So, 820 MyDooms so far, comprising 19-20meg, and sorting by subject
and doing a little grep-work:

[jsage at sparky ~/Mail] $ grep -i -c 'Subject:.*Delivery failure' MyDoom
17
[jsage at sparky ~/Mail] $ grep -i -c 'Subject:.*Delivery Notification' MyDoom
10
[jsage at sparky ~/Mail] $ grep -i -c 'Subject:.*Delivery problems' MyDoom
56
[jsage at sparky ~/Mail] $ grep -i -c 'Subject:.*Delivery Status Notification' MyDoom
45
[jsage at sparky ~/Mail] $ grep -i -c 'Subject:.*failure notice' MyDoom
73
[jsage at sparky ~/Mail] $ grep -i -c 'Subject:.*Mail delivery failed' MyDoom
18
[jsage at sparky ~/Mail] $ grep -i -c 'Subject:.*Mail System Error' MyDoom
8
[jsage at sparky ~/Mail] $ grep -i -c 'Subject:.*Returned mail' MyDoom
117
[jsage at sparky ~/Mail] $ grep -i -c 'Subject:.*Undeliverable' MyDoom
53
[jsage at sparky ~/Mail] $ grep -i -c 'Subject:.*virus' MyDoom
44


So roughly 441 of these, or 53%, are probably bounces.

That's over 10 meg...



- John
-- 
"Mad cow? You'd be mad too, if someone was trying to eat you."




More information about the list mailing list