[unisog] sobig.f SMTP hosts?

H. Morrow Long morrow.long at yale.edu
Wed Aug 20 20:19:40 GMT 2003


From what I've seen of the Sobig.F mail 'server' (SMTP
outgoing engine) it appears to function as a 'smart' host
(e.g. it can do full DNS resolution, finds MX records, etc)
and it therefore doesn't need the services of a smarter
SMTP server but can function fine completely standalone
(e.g. it doesn't appear to use the SMTP host setting on
the user's email client).

H. Morrow Long, CISSP
Director - Information Security
Yale University, ITS

Pollock, Joseph wrote:

> Like everyone else, we're seeing a lot of sobig.f delivered to the campus.
> I've looked at the tech descriptions from the major antivirus vendors, and
> they all agree that the virus has its own SMTP engine, but unlike some
> previous advisories, there is no list of SMTP servers used by the virus.
> 
> Is this one using the SMTP host configured on the victim's machine?  If this
> is the case, a number of my users may be able to contact the infected
> machine's owner.  If this is not the case, I don't want them to waste their
> time trying.
> 
> Joe Pollock
> Network Services
> The Evergreen State College
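
An added example, not part of either message: if the engine delivers straight to the recipient's MX as the reply describes, the Received header written by the receiving site's own MX records the address of the machine that connected, which is the lead for locating the infected host. The host names, addresses, the `campus.example` suffix and the sendmail-style header layout below are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: a single hop, stamped by the receiving site's MX.
# Names and addresses are documentation values, not real indicators.
SAMPLE = """\
Received: from laptop (dhcp-17.example.net [192.0.2.17])
\tby mx1.campus.example (8.12.9/8.12.9) with ESMTP id h7KJx1;
\tWed, 20 Aug 2003 15:59:01 -0400
From: someone@example.org
To: user@campus.example
Subject: constructed sample

constructed body
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
PEER_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_peer(raw, trusted_suffix):
    """Return (peer_ip, hops_before_our_mx) for a raw message.

    Received headers are prepended, so the top ones were written by our own
    servers. The lowest header still stamped 'by' a trusted host records the
    outside machine that connected to us. hops_before_our_mx == 0 means no
    relay added a header first, i.e. the sender delivered directly to the MX.
    """
    msg = message_from_string(raw)
    # Unfold continuation lines so each header is one space-separated string.
    received = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    peer, trusted = None, 0
    for hdr in received:
        by = BY_RE.search(hdr)
        if not by or not by.group(1).lower().endswith(trusted_suffix):
            break  # first header we did not write ourselves
        ip = PEER_RE.search(hdr[:by.start()])  # bracketed IP in the 'from' part
        peer = ip.group(1) if ip else None
        trusted += 1
    return peer, len(received) - trusted


if __name__ == "__main__":
    print(connecting_peer(SAMPLE, "campus.example"))
```

Only the headers written by your own servers are trustworthy; anything below them was supplied by the sender and can be forged.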


