Need a book? Engineering books recommendations...

Return to index: [Subject] [Thread] [Date] [Author]

RE: Problem

[Subject Prev][Subject Next][Thread Prev][Thread Next]
Interestingly, after this guy popped off about receiving the Beagle worm
from SEAINT, I went to my Sendmail logs for the past several weeks to
see if I came up with anything.

Nothing carrying "Beagle," but RIGHT AT THE BEGINNING OF THE NEW YEAR, a
whole spate of "Sober" virus-laden emails tried to get through:

Jan  1 19:52:18 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  2 14:38:52 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  2 18:02:26 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  2 19:56:53 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  3 00:36:17 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  3 01:16:27 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  3 03:08:48 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  3 09:38:20 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  3 16:18:49 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  3 21:29:21 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  4 09:06:37 X-Virus-Status: Infected with Worm.Sober.U-3
Jan  4 11:01:53 X-Virus-Status: Infected with Worm.Sober.U-3

Then they just tailed off. I'm assuming this indicates that this
particular variant was timed to attack right as the calendar rolled
around to January 1. I'm sure there were many more that tried to get
through, but the "Blackhole" services such as SpamCop that my
Spamassassin installation uses tends to shut those out, too, since they
begin to register as "spam" a short while after the attacks start up.

But also interesting: I didn't find any sign at all of "Beagle" in the
logs. This lends credence to the notion that this guy's "Problem" has
nothing whatsoever to do with SEAINT.

(N.B. Since I installed the F/OSS version of "ClamAV" on my server, I
haven't had a single solitary piece of malware delivered to any mailbox
on my home network. That's more than two years ago, now).

******* ****** ******* ******** ******* ******* ******* ***
*   Read list FAQ at: http://www.seaint.org/list_FAQ.asp
* 
*   This email was sent to you via Structural Engineers 
*   Association of Southern California (SEAOSC) server. To 
*   subscribe (no fee) or UnSubscribe, please go to:
*
*   http://www.seaint.org/sealist1.asp
*
*   Questions to seaint-ad(--nospam--at)seaint.org. Remember, any email you 
*   send to the list is public domain and may be re-posted 
*   without your permission. Make sure you visit our web 
*   site at: http://www.seaint.org 
******* ****** ****** ****** ******* ****** ****** ********