[lug] N00b: Security Warning Fun -- spamassassin blocking

Frank Whiteley techzone at greeleynet.com
Tue Aug 19 18:05:34 MDT 2003


----- Original Message -----
From: "John Starkey" <jstarkey at advancecreations.com>
To: <lug at lug.boulder.co.us>
Sent: Tuesday, August 19, 2003 15:17
Subject: Re: [lug] N00b: Security Warning Fun -- spamassassin blocking


> dan radom wrote:
> >you can ask to see the full headers, but yes.  chances are someone
> >simply forged your address as the from envelope.
>
> Not sure if it's related, but an admin for one of my clients just told
> me the mail server there went from a thousand or so emails per sec
> (normal) to over a million at around 9am EDT. Evidently, the virus is
> going out as from admin at myclient.com. The bounces were already up to
> like 3 megs after 4 hours.
>
> John
>
http://www.sarc.com/avcenter/venc/data/w32.sobig.f@mm.html

Been filtering them since early AM from IBM in NY, U Wisc, and some others,
plus bounces due to spoofed addressing (source IPs remain intact in headers
on most I've seen).  One client's mail server went unstable for a while this
morning, but may have been peripheral to a DDOS attack.

Then there's this one.
http://www.nwfusion.com/news/2003/0819navy.html

Frank Whiteley



