This is scary. I verified the same pattern of the messages all being
relayed through one of those two servers. The headers of the messages
also show randomization in both the types of headers as well as the
basic construct of things like message boundaries. This is very
spammy, and it is a clear sign of this being a seeding event where
machines that were previously compromised have been configured with
spamware to carry out this coordinated mass-mailing.

As far as this particular worm goes, it follows a pattern now over a year old. The neo-Nazis in Germany have used this virus to infect machines and then in turn they sent out massive amounts of propaganda. They did this twice so far, and before each event there was a similar outbreak of Sober.

This shows a sophistication that I have not ever seen. The trick of relaying everything through a service provider really takes the cake. This virus was designed to not only get past virus scanners, but also spam blocking. I haven't seen any other viruses that have done anything to mask their true source like this one does.

Matt

Darin Cox wrote: