[PLUG] Mail abuse problem
Ken Barber
pundit at teleport.com
Mon Jun 2 12:43:01 UTC 2003
On Monday 02 June 2003 08:59, Holger Stephan wrote:
> Here is a mail security question:
> Today the webmaster of one of the domains on my server received
> an undeliverable notification from the AOL postmaster, with a
> virus message attached. In other words: it seems my webmaster
> sent out this virus message:

It's Sobig.c. It hit over the weekend. I got several copies of
its predecessor last week.

It installs an SMTP server in 'doze machines and then mass-mails
itself with forged email headers, some of which claim to come
from Bill Gates himself. It didn't come from the AOL postmaster;
it came from some clueless loser still endangering his/her safety
and privacy by running 'doze on an Internet-connected machine.

Configuring your SMTP server to reject SMTP requests from hosts
that fail a reverse DNS lookup will help stop some of these. But
not all of them.

The SANS security news browser --
http://www.sans.org/snb/csec.htm
-- does an excellent job of keeping folks up-to-the-minute with
breaking security news.

Ken
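
The reverse-DNS rejection suggested in the message above, as an added example that is not part of the original post: it goes one step further than a bare PTR lookup and forward-confirms the name, and it shows why the check stops only some senders. The function names and the sample records (documentation address ranges, example.* names) are constructed for illustration.

```python
import socket

def _system_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def _system_addrs(name):
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def fcrdns_check(client_ip, ptr_lookup=None, addr_lookup=None):
    """Return (accept, detail) for a connecting SMTP client IP.

    ptr_lookup(ip) -> hostname or None; addr_lookup(name) -> list of IPs.
    Both default to the system resolver; the samples below inject tables.
    """
    ptr_lookup = ptr_lookup or _system_ptr
    addr_lookup = addr_lookup or _system_addrs
    name = ptr_lookup(client_ip)
    if not name:
        return False, "no PTR record"
    name = name.rstrip(".").lower()
    # A PTR record is set by whoever controls the address block and can
    # claim any name, so the name must resolve back to the same address.
    if client_ip not in addr_lookup(name):
        return False, "PTR %s does not resolve back to %s" % (name, client_ip)
    return True, name

# Constructed sample DNS data, not taken from the post.
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.org.",
    "198.51.100.7": "mail.example.org.",  # PTR claims a name it does not own
    "203.0.113.5": "dsl-5.example.net.",  # infected desktop with valid rDNS
}
SAMPLE_A = {
    "mail.example.org": ["192.0.2.10"],
    "dsl-5.example.net": ["203.0.113.5"],
}

def check_sample(ip):
    # Run the check against the constructed tables instead of live DNS.
    return fcrdns_check(ip, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, []))
```

The last sample address passes because its ISP publishes matching forward and reverse records, which is the "not all of them" case: the check filters hosts with missing or inconsistent DNS, not infected machines as such.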