kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH | reply to EGeezer
Re: Sober Spam Spoofing Sender? Yes, it spoofs, I've seen bouncebacks to an address hosted on a linux box (meaning it can't be infected with anything Sober). 
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages. |
|
 EGeezerSummertimePremium
join:2002-08-04
Midwest
kudos:7 | reply to K McAleavey
SANS handler's diary update A good read and update for those who don't follow ISC's excellent diaries [/plug]
»isc.sans.org/diary.php?date=2005-05-16 |
|
|
|
| reply to kpatz
Re: Sober Spam Spoofing Sender? Hi ,
I 've already a lot of email from unknown sender in same pattern as Sober Spam. every day , I delete almost 50000 email so What should I do to solve it ? because it cannot trap in our mail gateway . Pls Help ....
Thanks
 |
|
 justinAustralian
join:1999-05-28
New York, NY
kudos:7
IPv6
Business Connectiv..
Console/Handheld g..
Console Tech
Home/Office setup ..
| if you really have 50,000 emails you are lucky, take a days worth, and filter out the IPs that are sending them, visible in your mail server header line, then block those IPs. I'm only getting about 20 or 30 a day so it isn't worth me doing this, yet.
I'm not sure about filtering by subject, perhaps this virus is picking up new subjects and links dynamically according to the controllers whim, making subject blocking no good. |
|
 rogue_I Have A Secret WindowPremium
join:2001-10-17
Lake Hiawatha, NJ | reply to K McAleavey
Re: Heads-up: Sober Spam wave started last night We have a serious problem with this now. A few of our employee's e-mail accounts are being bombarded.
Our e-mail service is with Interland and I, as far as I can tell, am unable to induce any kind of filters through the web-admin to stop this. Also, it seems to be inundating Interland as legitimate e-mails are coming in a day or so late now.
Is there a way I can make Outlook filter these out? At least then I won't have to listen to the, 'I keep getting these e-mails' all freaking day long.
And if anyone has a suggestion for a new business website hosts and e-mail provider, I'm all ears.
--
Bozone (n.): The substance surrounding stupid people that stops bright ideas from penetrating. |
|
| will graylisting help with this are they resent once they are bounced...?
--
»www.LaWirelessWeb.com |
|
 cacrollEventually, Prozac becomes normalPremium
join:2002-07-25
Martinez, CA | said by LaWirelesWeb:will graylisting help with this are they resent once they are bounced...?
Are you bouncing them? Didn't you see all the notes that Mytob spoofs the From: address?
--
Cheers,
Chuck
»nitecruzr.blogspot.com/ |
|
Reviews:
 ·T-Com
| reply to K McAleavey
Sober. P loads new program parts from Internet
Internet user should update virus protection
Bonn, 20th May, 2005 - In coming Monday, 23rd May, 2005, becomes the Trojan horse located in circulation Sober. P try to reload new program parts from the Internet. According to the Federal Office for security in the information technology (BSI) is still unclear nowadays which precise consequences are to be expected. As an effective preventive measure all Internet users should update the used virus protection-program.
According to the analysis of the source code is Sober. P to question on numerous places on the Internet for new program parts in the position from the 23rd May, 2005 independently and to reload this. A new computer worm or a new Trojan horse will possibly reach thus in circulation.
The BSI is with the operators of the known Internet-Domains in contact, so that these are switched off and the attack goes with it probably to the emptiness.
Nevertheless, the BSI advises all computer users own virus protection-software to update immediately.
»www.bsi.bund.de/presse/pressinf/···berp.htm
(That is a machine translation by Abacho.de)
--
Regards from Germany. Please excuse my stumbling English |
|
