Looking at the exim.org logs yesterday what was very noticable was the
huge number of attempts being made to push this thing into us - I am
reasonably sure these are down to this worm, although since these were
being rejected at SMTP RCPT time due to failure of sender/recipient
verification its hard to be sure.
In all cases you see a connection from a host/port combination, the
rejected FROM/RCPT set, and then immediately a connection from
host/port+1 using the same sender/recipient combination (again
rejected).
There were a huge number of this pattern rejections yesterday.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
