To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Based on some of the follow-up messages I've seen on the list, I'm concerned
that my question regarding certain Message-IDs appearing to have a constant
substring in them has led others to posit that this is an indicator of the
Storm Worm.  I was asking for information about *known* Storm Worm generated
emails others had seen with this pattern, not whether this pattern indicates
the Storm Worm.

After processing several thousand valid Message-IDs through a modified
Boyer-Moore substring matcher, that exact substring appears in some valid
messages as well.  So I hope that anyone who is, or is considering, dropping
email based on this pattern should reconsider that approach.

Incidentally, there is some nice code here for string matching that others
might find useful:

http://en.wikipedia.org/wiki/Turbo_Boyer-Moore_algorithm 
-- 
Jon

Those who make peaceful revolution impossible will make violent
revolution inevitable.
                -- John F. Kennedy
_______________________________________________
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
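
The kind of check described in the message, as an added example that is not part of the original post: a Boyer-Moore-Horspool matcher (a simpler variant, not the poster's modified matcher) run over the Message-ID headers of known-good and suspect mail, counting false positives before a substring is used to drop mail. The substring `EXAMPLE-SUBSTR` and all messages are constructed placeholders; the function names are hypothetical.

```python
from email import message_from_string

def horspool_find(text: str, pattern: str) -> int:
    """Boyer-Moore-Horspool search: index of the first match, or -1."""
    m, n = len(pattern), len(text)
    if m == 0:
        return 0
    # Bad-character table: how far to slide, keyed by the text character
    # aligned with the pattern's last position.
    shift = {ch: m - 1 - i for i, ch in enumerate(pattern[:-1])}
    pos = 0
    while pos <= n - m:
        if text[pos:pos + m] == pattern:
            return pos
        pos += shift.get(text[pos + m - 1], m)
    return -1

def message_id(raw: str) -> str:
    """Extract the Message-ID header (empty string if absent)."""
    return (message_from_string(raw)["Message-ID"] or "").strip()

def hit_count(raw_messages, pattern):
    ids = [message_id(r) for r in raw_messages]
    return sum(horspool_find(i, pattern) != -1 for i in ids), len(ids)

def evaluate(pattern, known_good, suspect):
    """Compare hits in known-good mail (false positives) with hits in suspect mail."""
    fp, good_total = hit_count(known_good, pattern)
    tp, suspect_total = hit_count(suspect, pattern)
    return {"false_positives": fp, "good_total": good_total,
            "true_positives": tp, "suspect_total": suspect_total,
            "safe_to_drop": fp == 0 and tp > 0}

# Constructed sample data (placeholder substring, not a real indicator).
PATTERN = "EXAMPLE-SUBSTR"
KNOWN_GOOD = [
    "Message-ID: <20070801.1234@mail.example.org>\nSubject: minutes\n\nhi\n",
    "Message-ID: <000a01c7$EXAMPLE-SUBSTR$77@desk.example.net>\nSubject: invoice\n\nhi\n",
    "Subject: no message id header\n\nhi\n",
]
SUSPECT = [
    "Message-ID: <000b01c7$EXAMPLE-SUBSTR$01@host1.example.com>\nSubject: ecard\n\nx\n",
    "Message-ID: <000c01c7$EXAMPLE-SUBSTR$02@host2.example.com>\nSubject: ecard\n\nx\n",
]

if __name__ == "__main__":
    print(evaluate(PATTERN, KNOWN_GOOD, SUSPECT))
```
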
