in case nobody else noticed it, there was a mail worm released today

• Previous message (by thread): in case nobody else noticed it, there was a mail worm released today
• Next message (by thread): in case nobody else noticed it, there was a mail worm released today
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The worm is being talked about on news.com and all the major virus vendors
already have advisories on their websites. The worm in my case masqueraded
as a Mailer Daemon bounce.  Source email address appeared to be valid and
matching a domain of a website I visited recently (but have not for a long
time).  Anyone know the worm generates the sending domain. 

-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of Paul
Vixie
Sent: Monday, January 26, 2004 8:52 PM
To: nanog at merit.edu
Subject: in case nobody else noticed it, there was a mail worm released
today


my copies (500 or so, before i filtered) are in a ~7MB gzip'd mailbox file
called http://sa.vix.com/~vixie/mailworm.mbox.gz (plz don't fetch that
unless you need it for comparison or analysis).  there's a high degree of
splay in the smtp/tcp peer address, and the sender is prepared to try backup
MX's if the primary rejects it, though it appears to try the MX's in
priority order.

• Previous message (by thread): in case nobody else noticed it, there was a mail worm released today
• Next message (by thread): in case nobody else noticed it, there was a mail worm released today
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]