[ale] question about sobig
- Subject: [ale] question about sobig
- From: john at marasco.net (John Marasco)
- Date: Wed, 20 Aug 2003 08:23:30 -0400
Geoffrey wrote:
> John Marasco wrote:
>
>> Selected quote about the SoBIG virus...
>>
>> But even those who weren't directly infected with the virus were
>> struggling with it. When it replicates, the virus "spoofs" the
>> sending e-mail address. That means the "From:" line is faked,
>> selected from a list of e-mail addresses culled off the Internet.
>> Users unlucky enough to be used in SoBig's "From" line can get
>> hundreds of SoBig-related complaints, including automated bounce
>> messages saying the virus didn't reach its recipient, or irate
>> messages from recipients who think they've been sent a computer virus.
>
>
> I'm not aware that it pulls addresses from the internet, but pretty
> sure it does pull them from address books on the infected machines.
>
> Where'd you get this quote?
>
From the link I posted earlier.
http://www.msnbc.com/news/954470.asp?0cv=CB10
Cert says the same thing but more technically...
http://www.cert.org/current/archive/2003/07/16/archive.html
I apologize if this information is incorrect. Technically, it's quite
easy to pull addresses from many sources on a machine and not simply the
address book.
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale