in case nobody else noticed it, there was a mail worm released today
Wojtek Zlobicki
wojtekz at idirect.com
Tue Jan 27 02:01:17 UTC 2004
The worm is being talked about on news.com and all the major virus vendors
already have advisories on their websites. The worm in my case masqueraded
as a Mailer Daemon bounce. Source email address appeared to be valid and
matching a domain of a website I visited recently (but have not for a long
time). Anyone know the worm generates the sending domain.
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of Paul
Vixie
Sent: Monday, January 26, 2004 8:52 PM
To: nanog at merit.edu
Subject: in case nobody else noticed it, there was a mail worm released
today
my copies (500 or so, before i filtered) are in a ~7MB gzip'd mailbox file
called http://sa.vix.com/~vixie/mailworm.mbox.gz (plz don't fetch that
unless you need it for comparison or analysis). there's a high degree of
splay in the smtp/tcp peer address, and the sender is prepared to try backup
MX's if the primary rejects it, though it appears to try the MX's in
priority order.
More information about the NANOG
mailing list