(keitai-l) OT: Re: w32.sobig

From: Paul Lester <paul_at_thetamusic.com>
Date: 08/25/03
Message-ID: <3F49D865.2CD42528@thetamusic.com>
    There are other ways you can receive this kind of mail.

(I got most of this from the NY Times and other unreliable
untechnical sources.... so hopefully its partially right)

    For instance, SoBig does not come from the FROM address.
SoBig will change the from to any address it finds on the target
computer.

    Second, if someone is sick of spam, they can disable their email address.
In such a case, any email send to them will get bounced back to the
email SoBig sets as the sender which can be you.

    Thirdly, the keitai-L member who gets the virus may deflect it
in different unique ways which do not use IP backtracking since even that is
sometimes ineffective in blocking spam and junk mail.

    I have received and blocked (but not bounced most of them except by accident)
many many of these virus mails as well.  But so far my lines of defense are holding.
(Luckily...hopefully).

    But none have come from keitai-L members!

handy@maltech.ne.jp wrote:

> Hello keitai-l,
>
>   I received many emails because of w32.sobig, many of them are from
>   this list's members.. either they:
>
>   - send email attached by w32.sobig (the most w32.sobig'ed emails are
>   from 203.69.74.62.. I did backtracking using IP not using From:,
>   since it can be fooled by w32.sobig).
>
>   or
>
>   - their spamkiller send me warning as if I sent them email attached
>   by w32.sobig. again, w32.sobig can fool From: value at your emails,
>   so please backtrack using IP address or your spamkiller looks like
>   spammer to me !!
>
> --
> Internet Explorer has many avenues where it might be presented with
> executable content. One of these avenues must be broken so that executable
> content might be automatically run.
>
> This mail was sent to address paul@thetamusic.com
> Need archives? How to unsubscribe? http://www.appelsiini.net/keitai-l/

--
*+*=*+*=*+*=*+*=*+*=*+*=*+*=*+*=*+*=*+*F=m(dv/dt)
Paul B. Lester
thetamusic.com(有)
Chief Engineer

EMAIL: paul@thetamusic.com
--
http://www.thetamusic.com/

personal homepage: http://pbl1.tripod.com/
personal EMAIL: pbl1@cornell.edu
*+*=*+*=*+*=*+*=*+*=*+*=*+*=*+*=*+*=*+*F=m(dv/dt)
Received on Mon Aug 25 12:43:13 2003