[PLUG] The big virus in the news

AthlonRob athlonrob at axpr.net
Thu Aug 21 22:14:01 UTC 2003


On Thu, 2003-08-21 at 18:19, Michael C. Robinson wrote:
> It supposedly doesn't damage files instead disrupting the Internet by
> hobbling it.  How does it work?  Is this an attack on a vulnerable
> program or is it something else?  Apparently an email has to be opened
> for this beast to be let lose, anymore have more specifics?

It seems more prolific than anything else I've seen lately.  Maybe I'm
just in more address books now - I dunno.

My mother has been getting one every twenty minutes in her inbox.  I get
about 20 mailer-daemon emails in my AOL box - those are the ones from
people infected with the virus with me and others in their address book,
and I get the emails (20 a day or so) for only those which have my
address spoofed in the FROM header and the TO header to some
non-existent name.

I let my amavis log file get away from me (111MB in size today) so I'm
having difficulty parsing it to see what kind of things have been
hitting my server, I'll work on that later and have a look-see.

To get infected, in Windoze, you have to be running OE with all the
'execute everything you can then just view an infected email...

Just grep'd for reject in my maillogs... they've been lower this week
than the week before last.

Rob





More information about the PLUG mailing list