Szerző: Wakko Warner Dátum: Címzett: Dan Evans CC: exim Tárgy: Re: [Exim] Blocking sobig.f
> > Here's the list of HELOs I've seen (out of about 160 virus mails): > > ED
> > L-308
> > BOBS
> > RNPC47
> > YOUR-US67PI6LUV
> > LR
> > SE-VASQUEZ
>
> I'm seeing a load of LISSY, DAVID, DANNIEL and BETHGE, among others. I think
> its the machine name.
Given I don't have the source or know the internals of the virus, I can't
say for sure, but you could be right. So far the above has kept the payload
way down.
I think you are right, the ones that HELO as RNPC47 all have the same IP and
that IP only HELOs as that.
--
Lab tests show that use of micro$oft causes cancer in lab animals