From: "Brandon S. Allbery KF8NH" <[EMAIL PROTECTED]>
> On Tue, 2003-08-19 at 18:03, Bill Moran wrote:
> > Just curious if anyone knows the origin of all these auto-responses,
> >
> > I'm seeing a lot of these on every list I'm subscribed to (not all of
> > FreeBSD related) so I was wondering if some Windows trojan is running
> > and using these list addresses as return addys?
> It's W32/[EMAIL PROTECTED]  It's spreading *fast*....
The first day it appeared, I received 8000+ virus and virus warning messages
in my inbox.  The only way I could stop it from filling my inbox was to
change my e-mail address, and place a permanent failure code in the access
table for the old address.  But, our mail server was still getting a Denial
of Service, since it would max out the connections to both our primary and
secondary mail servers.  Today I believe I have solved the problem.  I wrote
a couple of scripts, that retrieves the IP address from the maillog for all
servers/virus infected systems that are using the old email address.  Then I
setup IPFW to deny access to port 25 for these IP addresses.  So far IPFW is
dening access to our mail servers for 30,000 Class C's (/24).


[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to