Sobig.f and no actual messages
Richard.Hopkins at bristol.ac.uk
Thu Aug 28 11:16:51 GMT 2003
I noticed yesterday that local systems infected with Sobig.f are making
repeated connections to the MX hosts of our domain (no surprises there ;-)
However, all they appear to be doing when they do is connect, issue an HELO
(or EHLO), issue a MAIL FROM:, issue an RCPT TO: and then disconnect (they
don't appear to enter into the data transfer phase, nor issue a QUIT).
I've only got limited monitoring facilities available to me on the MX
hosts, but the above is what *appears* to be happening.
Anyone else seen this?
University of Bristol,
Bristol, BS8 1UD, UK
Tel +44 117 928 7859
Fax +44 117 929 1576
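
The session pattern described in the message above (HELO or EHLO, MAIL FROM:, RCPT TO:, then a disconnect with no DATA and no QUIT) can be counted per client from MX logs. This is an added example, not part of the original post: the log format, the sample lines and all function names are assumptions made for illustration and do not correspond to any particular MTA.

```python
from collections import Counter

# Constructed sample log in a hypothetical format (not any real MTA's):
#   <time> <session-id> <client-ip> <SMTP verb, or DISCONNECT when the socket closes>
SAMPLE_LOG = """\
11:02:01 s1 192.0.2.10 EHLO
11:02:02 s1 192.0.2.10 MAIL
11:02:02 s1 192.0.2.10 RCPT
11:02:03 s1 192.0.2.10 DISCONNECT
11:02:05 s2 198.51.100.7 HELO
11:02:06 s2 198.51.100.7 MAIL
11:02:06 s2 198.51.100.7 RCPT
11:02:07 s2 198.51.100.7 DATA
11:02:09 s2 198.51.100.7 QUIT
11:02:09 s2 198.51.100.7 DISCONNECT
11:03:11 s3 192.0.2.10 HELO
11:03:12 s3 192.0.2.10 MAIL
11:03:12 s3 192.0.2.10 RCPT
11:03:12 s3 192.0.2.10 DISCONNECT
"""

def parse_sessions(log_text):
    """Group verbs by session id, keeping the client IP and the verb order."""
    sessions = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip malformed lines
            _, sid, ip, verb = parts
            sessions.setdefault(sid, (ip, []))[1].append(verb.upper())
    return sessions

def is_abandoned_after_rcpt(verbs):
    """True if the envelope was sent but the client left without DATA or QUIT."""
    greeted = "HELO" in verbs or "EHLO" in verbs
    return (greeted and "MAIL" in verbs and "RCPT" in verbs
            and "DATA" not in verbs and "QUIT" not in verbs
            and verbs[-1] == "DISCONNECT")

def abandoned_by_client(log_text):
    """Count matching sessions per client IP."""
    return dict(Counter(ip for ip, verbs in parse_sessions(log_text).values()
                        if is_abandoned_after_rcpt(verbs)))

if __name__ == "__main__":
    for ip, n in sorted(abandoned_by_client(SAMPLE_LOG).items()):
        print(f"{ip}: {n} session(s) dropped after RCPT TO without DATA or QUIT")
```

A client that shows many such sessions in a short window matches the behaviour reported above; a single occurrence can also be an ordinary network drop.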