[Esd-l] SoBig.F backscatter trap
Kevin Hemenway
info at totalnetnh.net
Fri Aug 22 11:00:42 PDT 2003
>One of the problems we're having with SoBig.F is not the worm itself (which
>is being trapped) but rejection notices that arrive when the worm forges the
>"From:" address and sends to a nonexistent address (or sends a message that
>hits a virus checker). I have some clients who are running John's sanitizer
>and have come up with the following local rule to catch a lot of the
>backscatter:
I'm seeing less "Undeliverable" bounces, and more "OH NOE! YOUR EMAIL HAS A
VIRUS IN IT! POOH POOH!" auto-responses (which, cynically, anyone who's
running a virus notifier should be painfully aware that the From: addresses
are faked, and they're merely wasting even more time and energy).
--
Kevin Hemenway
More information about the esd-l
mailing list