sobig.f SMTP hosts?

Pollock, Joseph PollockJ at evergreen.edu
Wed Aug 20 18:30:16 GMT 2003


Like everyone else, we're seeing a lot of sobig.f delivered to the campus.
I've looked at the tech descriptions from the major antivirus vendors, and
they all agree that the virus has its own SMTP engine, but unlike some
previous advisories, there is no list of SMTP servers used by the virus.

Is this one using the SMTP host confgured on the victim's machine?  If this
is the case, a number of my users may be able to contact the infected
machine's owner.  If this is not the case, I don't want them to waste their
time trying.

Joe Pollock
Network Services
The Evergreen State College



More information about the unisog mailing list