[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] MyDoom for Windows is being used to attack UINUX Website
- Subject: Re: [cobalt-users] MyDoom for Windows is being used to attack UINUX Website
- From: Jeff Lasman <blists@xxxxxxxxxxxxx>
- Date: Sun Feb 1 11:32:01 2004
- Organization: nobaloney.net
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Saturday 31 January 2004 11:07 pm, Al-Juhani wrote:
> It is programmed to launch a worldwide attack on the Web
> site of SCO, one of the largest unix vendors in the world..
Perhaps you should have written:
"site of SCO, one of the largest threats to Linux in the world".
I still haven't figured out how to block them at "rcpt to" time, but I
have some filters locally that you and others could implement in
procmail to keep these from getting to your users:
1) Filter on subject of "Hi" and attachment of zip file
2) Filter on subject of "Re: Hi" and attachment of zip file
3) Filter on sender of "MAILER-DAEMON" and attachment of zip file
4) Filter on sender of "Mailer-Daemon" and attachment of zip file
5) Filter on subject contains "Virus Alert - ScanMail" and attachment of
zip file
6) Filter on subject contains "Several matches found in Domino
Directory" and attachment of zip file.
I'm sure we'll get a few more signatures to look for as time goes on.
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html";