All the Perl that's Practical to Extract and Report

Who turned off the tap?

grantm on 2003-09-15T08:31:09

After being deluged with email bounce messages for weeks, it suddenly struck me last Thursday that it had stopped. My email traffic has dropped from 100MB+ per day back, down to normal levels of 1MB per day or less. Today I've had less that 20 spams. Is there a story behind the sudden decrease?

Sobig timeout

Matts on 2003-09-15T09:27:11

The Sobig series of viruses all have an in-built timeout. They simply stop sending after a certain date (this was September 10th for Sobig.F).

The reason they do this is that the spammer who created Sobig now has his zombie network setup, and wants people to stop knowing what IP addresses they are on. Otherwise people can find out which machines are infected with Sobig.F by looking at the IP address sending them their spam.

Re:Sobig timeout

jordan on 2003-09-15T14:33:27


  • The reason they do this is that the spammer who created Sobig now has his zombie network setup...

It's really more of a parasite network. If it were a zombie network, the machines would be dead except for their functions as SPAM relays.