
RE: [cobalt-users] MyDoom for Windows is being used to attack UINUX Website



Once I thought MS was the biggest threat to Linux. Things change...
:-))

Arthur Sherman
 
ComPros Team
 

> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx 
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Jeff Lasman
> Sent: Sunday, February 01, 2004 21:31
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] MyDoom for Windows is being used 
> to attack UINUX Website
> 
> On Saturday 31 January 2004 11:07 pm, Al-Juhani wrote:
> 
> > It is programmed to launch a worldwide attack on the Web 
> site of SCO, 
> > one of the largest unix vendors in the world..
> 
> Perhaps you should have written:
> 
> "site of SCO, one of the largest threats to Linux in the world".
> 
> I still haven't figured out how to block them at "rcpt to" 
> time, but I have some filters locally that you and others 
> could implement in procmail to keep these from getting to your users:
> 
> 1) Filter on subject of "Hi" and attachment of zip file
> 2) Filter on subject of "Re: Hi" and attachment of zip file
> 3) Filter on sender of "MAILER-DAEMON" and attachment of zip file
> 4) Filter on sender of "Mailer-Daemon" and attachment of zip file
> 5) Filter on subject contains "Virus Alert - ScanMail" and 
> attachment of zip file
> 6) Filter on subject contains "Several matches found in 
> Domino Directory" and attachment of zip file.
> 
> I'm sure we'll get a few more signatures to look for as time goes on.
> 
> Jeff
> --
> Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  
> 92517 US Professional Internet Services & Support / 
> Consulting / Colocation Our blists address used on lists is 
> for list email only Phone +1 909 324-9706, or see: 
> http://www.nobaloney.net/contactus.html
> 
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
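
The six filters listed in the quoted message, as an added example that is not part of the original thread and is written in Python rather than procmail. It assumes "sender" means the local part of the From header and that a zip attachment is recognized by its file name or MIME type; the function names and sample messages are constructed for illustration.

```python
import email
from email.message import EmailMessage
from email.utils import parseaddr

# The six rules from the post: (field, exact match?, text).
# Every rule additionally requires a zip attachment.
RULES = [
    ("subject", True, "Hi"),
    ("subject", True, "Re: Hi"),
    ("from", True, "MAILER-DAEMON"),
    ("from", True, "Mailer-Daemon"),
    ("subject", False, "Virus Alert - ScanMail"),
    ("subject", False, "Several matches found in Domino Directory"),
]
ZIP_TYPES = ("application/zip", "application/x-zip-compressed")

def has_zip_attachment(msg):
    """True if any MIME part is named *.zip or typed as a zip archive."""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            return True
    return False

def sender_local_part(msg):
    """Assumption: 'sender' is the part of the From address before the @."""
    return parseaddr(str(msg.get("From") or ""))[1].split("@")[0]

def matched_rule(raw_bytes):
    """Return the 1-based number of the first rule that fires, else None."""
    msg = email.message_from_bytes(raw_bytes)
    if not has_zip_attachment(msg):
        return None
    fields = {"subject": str(msg.get("Subject") or "").strip(),
              "from": sender_local_part(msg)}
    for number, (field, exact, text) in enumerate(RULES, start=1):
        value = fields[field]
        if (value == text) if exact else (text in value):
            return number
    return None

def build_sample(subject, sender, attachment=None):
    """Constructed test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@example.com"
    m.set_content("constructed sample body")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()
```
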