[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] SoBig.F strange problem
- To: Mike Vasquez <mike@blakogre.com>
- Subject: Re: [Full-Disclosure] SoBig.F strange problem
- From: Jeremiah Cornelius <jeremiah@nur.net>
- Date: Wed, 20 Aug 2003 10:44:21 -0700
Mike Vasquez wrote:
>I've seen a handful with no attachment and checked my logs -- none was
>stripped on my end...
>
>
>----- Original Message -----
>From: "Steve Bremer" <steveb@nebcoinc.com>
>To: <full-disclosure@lists.netsys.com>
>
>
>
>>We've noticed a few problems with it as well. We've received a few e-
>>mails with one of the typical Sobig subject lines, only no
>>attachment. The attachment headers are in the e-mail, so our MUA
>>thinks there is an attachment, but there is just no "body" to the
>>attachment.
>>
>>Either there are a few broken variants out there sending out e-mail
>>without the payload, or something in-between us and the sender is
>>stripping out the attachment. It isn't our AV system, since it would
>>quarantine the entire message.
>>
>>Has anyone else experienced this?
>>
>>Steve Bremer
>>
>>
Funny, if they were stripped outbound, by the victim's gateway. Like a
"Roach Motel." Is this a possibility - they don't get a sig on the
attach - but strip outbound at the gateway for size?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html