All the Perl that's Practical to Extract and Report

September Returns

ziggy on 2003-09-09T14:18:59

This showed up in my mailbox this morning. Yep, it's that time of year again - the Return of the Never-Ending September... 

From admin@duma.gov.ru  Tue Sep  9 09:28:09 2003
Return-Path: 
X-Original-To: ziggy@panix.com
Received: from localhost (castle-149.slip.uiuc.edu [130.126.28.149])
        by mail1.panix.com [....]
From: "Microsoft" 
To: 
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx"
Date: Tue,  9 Sep 2003 09:28:05 -0400 (EDT)
X-Spam-Status: No, hits=3.4 required=5.0
        tests=MIME_MISSING_BOUNDARY,RAZOR2_CF_RANGE_91_100,RAZOR2_CHECK
        version=2.54
X-Spam-Level: ***
X-Spam-Checker-Version: SpamAssassin 2.54 (1.174.2.17-2003-05-11-exp)
Content-Length: 12933
Lines: 253
  
[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.1K --]
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
  
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
  
[-- Attachment #2: patch.exe --]
[-- Type: application/download, Encoding: base64, Size: 12K --]
Content-Type: application/download
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=patch.exe

Half a million and counting...

nicholas on 2003-09-09T14:57:59

More than 500.000 already infected!

Whenever I see this I always wonder if this figure is actually refering to the number of suckers who got infected by this trojan.

I've been seeing the frequency of this one increase over the past few days - I wonder if all publicity of the SOBIG.F onslaught is causing more people to be taken in by this trojan's cover story.

Meanwhile, /dev/null now has 147762 SOBIG.Fs in it. I do hope it doesn't fill up any time soon.

Re:Half a million and counting...

ziggy on 2003-09-09T15:17:39

Meanwhile, /dev/null now has 147762 SOBIG.Fs in it. I do hope it doesn't fill up any time soon.
Ya know, 200GB FireWire HDs are pretty damn cheap at the moment. Perhaps it's time to requisition an extra space for /dev/null because of all the SOBIG.F's filling it up. ;-)