On Tue, 27 Jan 2004, technomage wrote:

> they are of the same variety as SoBig. fortunately, they won't be much of a
> bother for us linux users that use linux based e-mail clients..

Today's SCO press release says:

  "When a user opens the attachment their computer becomes infected and
   uses their computer with the intention of connecting to the www.sco.com
   Web site on February 1, 2004."

And:

  "SCO announced that it is offering a reward of up to a total of $250,000
  for information leading to the arrest and conviction of the individual
  or individuals responsible for creating the MYDOOM virus."

I am thinking about blocking all messages that contain any data with lines
starting with:

^TVqQAAMA
^UEsDBAoAAA

What do you think?

(I understand these mime64 encoded text means it is a Windows executable.)

reed@pilchuck:~$ grep ^TVqQAAMA mail/virus  | wc -l
     27
reed@pilchuck:~$ grep ^UEsDBAoAAA mail/virus | wc -l
     14

And another system:

reed@sloth:~$ grep ^UEsDBAoAAA mail/virus | wc -l
      5
reed@sloth:~$ grep ^TVqQAAMA mail/virus | wc -l
    418

   Jeremy C. Reed
   http://bsd.reedmedia.net/