
Re: [cobalt-users] MyDoom for Windows is being used to attack UINUX Website



> I still haven't figured out how to block them at "rcpt to" time, but I 
> have some filters locally that you and others could implement in 
> procmail to keep these from getting to your users:
> 
> 1) Filter on subject of "Hi" and attachment of zip file
> 2) Filter on subject of "Re: Hi" and attachment of zip file
> 3) Filter on sender of "MAILER-DAEMON" and attachment of zip file
> 4) Filter on sender of "Mailer-Daemon" and attachment of zip file
> 5) Filter on subject contains "Virus Alert - ScanMail" and attachment of 
> zip file
> 6) Filter on subject contains "Several matches found in Domino 
> Directory" and attachment of zip file.
> 
> I'm sure we'll get a few more signatures to look for as time goes on.

Jeff,

Well, just for the purpose of trying to analyze them, both the MyDoom.A and
MyDoom.B worms are available on this website: http://homepages.ihug.co.nz/~mjcarter/
(see the link at the bottom of the page).

Al-Juhani
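
The six filter rules quoted above, written out as an added example that is not part of the original thread or anyone's posted procmail recipes. It is a stand-alone Python check rather than a procmail recipe; the function names are hypothetical, "sender" is assumed to mean the From local part or display name, matching is assumed case-insensitive (which makes rules 3 and 4 the same test), and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Rules 1-2 match the whole subject; rules 5-6 match a substring of it.
EXACT_SUBJECTS = {"hi": 1, "re: hi": 2}
SUBJECT_CONTAINS = {
    "virus alert - scanmail": 5,
    "several matches found in domino directory": 6,
}

def has_zip_attachment(msg):
    """True if any MIME part declares a filename ending in .zip."""
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, then
        # falls back to the Content-Type name= parameter.
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            return True
    return False

def matched_rule(raw):
    """Return the number of the first quoted rule that matches, else None."""
    msg = message_from_string(raw)
    if not has_zip_attachment(msg):
        return None  # every rule in the list requires the zip attachment
    # Unfold and normalise whitespace so folded subjects still compare.
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    if subject in EXACT_SUBJECTS:
        return EXACT_SUBJECTS[subject]
    display, addr = parseaddr(msg.get("From") or "")
    if "mailer-daemon" in (addr.split("@")[0].lower(), display.lower()):
        return 3  # rules 3 and 4 differ only in letter case
    for needle, rule in SUBJECT_CONTAINS.items():
        if needle in subject:
            return rule
    return None

def sample(subject, sender, filename):
    """Constructed message: one text part plus one placeholder attachment."""
    return (
        f"From: {sender}\nSubject: {subject}\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b"\n\n'
        "--b\nContent-Type: text/plain\n\ntest\n"
        f'--b\nContent-Type: application/octet-stream; name="{filename}"\n'
        "Content-Transfer-Encoding: base64\n\nAAAA\n--b--\n"
    )

if __name__ == "__main__":
    print(matched_rule(sample("Re: Hi", "user@example.com", "DOC.ZIP")))
```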