[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] SoBig.F strange problem 

I believe F-Prot found that 10%  of transmissions by this virus do not
include the attachment, not due to a broken variant but just doto the
coding, and my apologies if I'm not attributing credit properly,  I'm
tired and there's been a lot of e-mail.   I cann definitivey say I
learned this from someone posting on AVIEN>

G

-----Original Message-----
From: Steve Bremer [mailto:steveb@nebcoinc.com] 
Sent: Wednesday, August 20, 2003 9:10 AM
To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] SoBig.F strange problem


> line). But it seems to be broken in other areas, I think I'm getting

We've noticed a few problems with it as well.  We've received a few e-
mails with one of the typical Sobig subject lines, only no 
attachment.  The attachment headers are in the e-mail, so our MUA 
thinks there is an attachment, but there is just no "body" to the 
attachment.

Either there are a few broken variants out there sending out e-mail 
without the payload, or something in-between us and the sender is 
stripping out the attachment.  It isn't our AV system, since it would 
quarantine the entire message.

Has anyone else experienced this?

Steve Bremer
NEBCO, Inc.
System & Security Administrator

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


**********************************************************************
This e-mail is sent by a law firm and contains information
that may be privileged and confidential. If you are not the 
intended recipient, please delete the e-mail and notify us 
immediately. 
***********************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html