Re: [Exim] Blocking sobig.f

Top Page
This message is part of the following thread:
M-----\the complete thread tree sorted by date
M\....MAlun at <-
MMM++\MWakko Warner at ->
Delete this message
Reply to this message
Author: Wakko Warner
Date:  
To: Dan Evans
CC: exim
Subject: Re: [Exim] Blocking sobig.f
> > Here's the list of HELOs I've seen (out of about 160 virus mails):
> > ED
> > L-308
> > BOBS
> > RNPC47
> > YOUR-US67PI6LUV
> > LR
> > SE-VASQUEZ
>
> I'm seeing a load of LISSY, DAVID, DANNIEL and BETHGE, among others. I think
> its the machine name.

Given I don't have the source or know the internals of the virus, I can't
say for sure, but you could be right. So far the above has kept the payload
way down.

I think you are right, the ones that HELO as RNPC47 all have the same IP and
that IP only HELOs as that.

--
Lab tests show that use of micro$oft causes cancer in lab animals


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-RE: [Exim] Majorcool & eximRe: [Exim] Majorcool & exim->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)