[Dshield] Mail bombing by MyDoom, bouncing of infected emails, and a few other random thoughts
bjorn at thechemistrylab.com
Thu Jan 29 17:36:17 GMT 2004
My tiny little network only received MyDoom from 2 different sources. One
was from the local university and one was from the local competing ISP. The
university only sent one, but the local ISP has done nothing about the IP I
reported to it.
It does seem to burst; the sending times are extremely erratic, ranging from
2 minutes apart to 6 hours apart.
----- Original Message -----
From: "Jon R. Kibler" <Jon.Kibler at aset.com>
To: <list at dshield.org>
Sent: Thursday, January 29, 2004 9:53 AM
Subject: [Dshield] Mail bombing by MyDoom, bouncing of infected emails, and
a few other random thoughts
<all kinds of kung-fu snipping>
> One other oddity we have seen with MyDoom... the forged recipients and the
> mail servers bouncing the viruses seem to be very local -- meaning that most
> (>50%) of the MyDoom traffic originates from the local metropolitan area.
> Usually, mail originating from our metropolitan area probably constitutes
> less than 1% of all email traffic. Even with other email viruses, we have
> never seen such a large local burst. Has anyone else seen such an occurrence
> or are we just "lucky"?
<shao-lin secret style snipping>