[Esd-l] Badtrans as nauseam (Was: badtrans ad infinitum)
Chris Payne
cpayne at pr.uoguelph.ca
Wed Nov 28 11:45:00 PST 2001
It is times like these that I check my email on my OS/2 Warp4
or my Linux workstations and not on a Windoze PC.
John, thank you again for providing the tool which has prevented
more than 1,000 infections since its installation on my mail
server.
- Chris
On Wed, 28 Nov 2001 12:04:04 -0700, Brett Glass wrote:
>At 07:49 AM 11/28/2001, John D. Hardin wrote:
>
>>My quarantine overfloweth.
>>
>>Does anybody know BillG's email address so we can all do something
>>useful with these damned things?
>
>It's billg at microsoft.com.
>
>And the problem will get worse. Sircam was prevalent enough, and it
>did not infect unless the recipient launched an attachment. Badtrans
>doesn't require that, and is also an autoresponder. It therefore is
>likely to be the most widespread worm yet. Thank <insert name of
>deity of your choice> that it doesn't have a destructive payload
>(like Magistr) and does not obscure the address of the infected
>party (like Hybris). I'm concerned that later mutations WILL do
>these things, which is why I want multiple filters and recipes
>in place. (Still need to learn how to do a recipe that compares
>the envelope "From" address and the From: header.)
>
>--Brett Glass
>_______________________________________________
>Esd-l mailing list
>Esd-l at spconnect.com
>http://www.spconnect.com/mailman/listinfo/esd-l
>
- -
Chris Payne
Network Administrator
Physical Resources Dept,
University of Guelph
(519)824-4120 x2882
cpayne at pr.uoguelph.ca
More information about the esd-l
mailing list