From: "Brandon S. Allbery KF8NH" <allbery_at_ece.cmu.edu> > On Tue, 2003-08-19 at 18:03, Bill Moran wrote: > > Just curious if anyone knows the origin of all these auto-responses, etc. > > > > I'm seeing a lot of these on every list I'm subscribed to (not all of them > > FreeBSD related) so I was wondering if some Windows trojan is running rampant > > and using these list addresses as return addys? > > It's W32/SoBig.F_at_MM. It's spreading *fast*.... > The first day it appeared, I received 8000+ virus and virus warning messages in my inbox. The only way I could stop it from filling my inbox was to change my e-mail address, and place a permanent failure code in the access table for the old address. But, our mail server was still getting a Denial of Service, since it would max out the connections to both our primary and secondary mail servers. Today I believe I have solved the problem. I wrote a couple of scripts, that retrieves the IP address from the maillog for all servers/virus infected systems that are using the old email address. Then I setup IPFW to deny access to port 25 for these IP addresses. So far IPFW is dening access to our mail servers for 30,000 Class C's (/24). ScotReceived on Thu Aug 21 2003 - 20:29:15 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:19 UTC