Sobig.f with stripped attachments.

Michael Sofka sofkam at rpi.edu
Tue Aug 26 13:12:02 GMT 2003


We've been inundated with email from Sobig.f which did not
include the attachment.  I had assumed intermediary gateway
machines had silently stripped the attachment, sending on the
annoying email.  (Yesterday I must have deleted 200 from my
inbox alone.)

Well, yesterday we saw the ``stripped off'' attachments originating
from a local machine.  There is no attachment stripping gateway
between the infected client and our mail relay.  So, were did the
attachment go?

I suspect there is a bug in Sobig.f that, depending on the infected
machine, may not always attach the virus.  Alternatively, the virus
author intended this as another way of sowing uncertainty, doubt
and annoyance.  Or, perhaps to require we take steps such as blocking
X-MailScanner, or certain, common, subjects.

Mike

-- 
Michael D. Sofka              sofkam at rpi.edu
C&CT Sr. Systems Programmer    Email, TeX, epistemology.
Rensselaer Polytechnic Institute, Troy, NY.  http://www.rpi.edu/~sofkam/



More information about the unisog mailing list