[sdiy] Help - I am being mailbombed

Les Mizzell lesmizz at bellsouth.net
Fri Aug 29 18:22:37 CEST 2003 

::  I have a serious problem - someone is literally mailbombing me.


Hi,

This all appears to be the output of the SoBig virus.

Info from Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.a@mm.html


It's pretty nasty, because it will FAKE headers when sending out stuff, and
also send out viris warnings as well, with itself attached of course....

A friend of mine was getting close to 100 of these and hour for a few days
last week....



::  4 of these mail headers:
::
::  Return-Path: <djalone at houston.rr.com>
::  Delivered-To: jhaible at debitel.net
::  Received: (qmail 14777 invoked from network); 29 Aug 2003 16:33:40 +0200
::  Received: from unknown (HELO LTERPENING) (68.153.49.25)
::    by mail2.dnsg.net with SMTP; 29 Aug 2003 16:33:40 +0200
::  From: <djalone at houston.rr.com>
::  To: <jhaible at debitel.net>
::  Subject: Re: Re: My details
::  Date: Fri, 29 Aug 2003 9:36:02 --0500
::  X-MailScanner: Found to be clean
::  Importance: Normal
::  X-Mailer: Microsoft Outlook Express 6.00.2600.0000
::  X-MSMail-Priority: Normal
::  X-Priority: 3 (Normal)
::  MIME-Version: 1.0
::  Content-Type: multipart/mixed;
::  	boundary="_NextPart_000_24DA31A0"
::  Message-ID: <20030829143340.13930.qmail at mail2.dnsg.net>
::
::
::  Return-Path: <Hobbyha at aol.com>
::  Delivered-To: jhaible at debitel.net
::  Received: (qmail 14801 invoked from network); 29 Aug 2003 16:56:53 +0200
::  Received: from unknown (HELO LTERPENING) (68.153.49.25)
::    by mail2.dnsg.net with SMTP; 29 Aug 2003 16:56:53 +0200
::  From: <Hobbyha at aol.com>
::  To: <jhaible at debitel.net>
::  Subject: Re: Wicked screensaver
::  Date: Fri, 29 Aug 2003 9:59:15 --0500
::  X-MailScanner: Found to be clean
::  Importance: Normal
::  X-Mailer: Microsoft Outlook Express 6.00.2600.0000
::  X-MSMail-Priority: Normal
::  X-Priority: 3 (Normal)
::  MIME-Version: 1.0
::  Content-Type: multipart/mixed;
::  	boundary="_NextPart_000_24EF7431"
::  Message-ID: <20030829145653.14160.qmail at mail2.dnsg.net>
::
::
::  Return-Path: <marty.welch at dana.com>
::  Delivered-To: jhaible at debitel.net
::  Received: (qmail 15650 invoked from network); 29 Aug 2003 17:21:19 +0200
::  Received: from unknown (HELO LTERPENING) (68.153.49.25)
::    by mail1.dnsg.net with SMTP; 29 Aug 2003 17:21:19 +0200
::  From: <marty.welch at dana.com>
::  To: <jhaible at debitel.net>
::  Subject: Re: Your application
::  Date: Fri, 29 Aug 2003 10:23:41 --0500
::  X-MailScanner: Found to be clean
::  Importance: Normal
::  X-Mailer: Microsoft Outlook Express 6.00.2600.0000
::  X-MSMail-Priority: Normal
::  X-Priority: 3 (Normal)
::  MIME-Version: 1.0
::  Content-Type: multipart/mixed;
::  	boundary="_NextPart_000_2505D263"
::  Message-ID: <20030829152119.15329.qmail at mail1.dnsg.net>
::
::
::  Return-Path: <marty.welch at dana.com>
::  Delivered-To: jhaible at debitel.net
::  Received: (qmail 15650 invoked from network); 29 Aug 2003 17:21:19 +0200
::  Received: from unknown (HELO LTERPENING) (68.153.49.25)
::    by mail1.dnsg.net with SMTP; 29 Aug 2003 17:21:19 +0200
::  From: <marty.welch at dana.com>
::  To: <jhaible at debitel.net>
::  Subject: Re: Your application
::  Date: Fri, 29 Aug 2003 10:23:41 --0500
::  X-MailScanner: Found to be clean
::  Importance: Normal
::  X-Mailer: Microsoft Outlook Express 6.00.2600.0000
::  X-MSMail-Priority: Normal
::  X-Priority: 3 (Normal)
::  MIME-Version: 1.0
::  Content-Type: multipart/mixed;
::  	boundary="_NextPart_000_2505D263"
::  Message-ID: <20030829152119.15329.qmail at mail1.dnsg.net>

More information about the Synth-diy mailing list