[ale] question about sobig
John Marasco
john at marasco.net
Wed Aug 20 08:23:30 EDT 2003
Geoffrey wrote:
> John Marasco wrote:
>
>> Selected quote about the SoBIG virus...
>>
>> But even those who werenÂ’t directly infected with the virus were
>> struggling with it. When it replicates, the virus “spoofs” the
>> sending e-mail address. That means the “From:” line is faked,
>> selected from a list of e-mail addresses culled off the Internet.
>> Users unlucky enough to be used in SoBig’s “From” line can get
>> hundreds of SoBig-related complaints, including automated bounce
>> messages saying the virus didnÂ’t reach its recipient, or irate
>> messages from recipients who think theyÂ’ve been sent a computer virus.
>
>
> I'm not aware that it pulls addresses from the internet, but pretty
> sure it does pull them from address books on the infected machines.
>
> Where'd you get this quote?
>
From the link I posted earlier.
http://www.msnbc.com/news/954470.asp?0cv=CB10
Cert says the same thing but more technically...
http://www.cert.org/current/archive/2003/07/16/archive.html
I appologize if this information is incorrect. Technical, it's quite
easy to pull addresses from many sources on a machine and not simply the
address book.
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list