On Tue, 27 Jan 2004, technomage wrote:
> they are of the same variety as SoBig. fortunately, they won't be much of a
> bother for us linux users that use linux based e-mail clients..
Today's SCO press release says:
"When a user opens the attachment their computer becomes infected and
uses their computer with the intention of connecting to the www.sco.com
Web site on February 1, 2004."
And:
"SCO announced that it is offering a reward of up to a total of $250,000
for information leading to the arrest and conviction of the individual
or individuals responsible for creating the MYDOOM virus."
I am thinking about blocking all messages that contain any data with lines
starting with:
^TVqQAAMA
^UEsDBAoAAA
What do you think?
(I understand this mime64-encoded text means it is a Windows executable.)
reed@pilchuck:~$ grep ^TVqQAAMA mail/virus | wc -l
27
reed@pilchuck:~$ grep ^UEsDBAoAAA mail/virus | wc -l
14
And another system:
reed@sloth:~$ grep ^UEsDBAoAAA mail/virus | wc -l
5
reed@sloth:~$ grep ^TVqQAAMA mail/virus | wc -l
418
Jeremy C. Reed
http://bsd.reedmedia.net/
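
An added example, not part of the original message: the two patterns are the base64 encodings of the file signatures 4D 5A 90 00 03 00 ("MZ", DOS/PE executable) and 50 4B 03 04 0A 00 00 ("PK", ZIP local file header with version-needed 1.0), so a filter can decode each MIME part and test the signature itself instead of one exact line prefix. The function names, addresses, filenames and sample message below are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# File signatures behind the two base64 line prefixes quoted in the message:
#   "TVqQAAMA"   -> 4D 5A 90 00 03 00     ("MZ", DOS/PE executable header)
#   "UEsDBAoAAA" -> 50 4B 03 04 0A 00 00  ("PK\x03\x04", ZIP local file header)
MAGIC = {b"MZ": "windows-executable", b"PK\x03\x04": "zip-archive"}
GREP_PREFIXES = (b"TVqQAAMA", b"UEsDBAoAAA")

def grep_prefix_hits(raw: bytes) -> int:
    """Count raw lines starting with either prefix (what the grep runs do)."""
    return sum(line.startswith(GREP_PREFIXES) for line in raw.splitlines())

def scan_message(raw: bytes):
    """Decode every leaf MIME part; report those starting with a known signature."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        for magic, label in MAGIC.items():
            if body.startswith(magic):
                hits.append((part.get_filename() or "(no filename)", label))
    return hits

def build_sample() -> bytes:
    """Constructed test message: header bytes only, no real executable or archive."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "test"
    msg.set_content("hello")
    # First bytes of a PE file, then zero padding.
    msg.add_attachment(b"MZ\x90\x00\x03\x00" + b"\x00" * 6, maintype="application",
                       subtype="octet-stream", filename="doc.scr")
    # ZIP header with version-needed 2.0 (0x14): encodes as "UEsDBBQA...",
    # which the "UEsDBAoAAA" line pattern does not match.
    msg.add_attachment(b"PK\x03\x04\x14\x00\x00\x00\x08\x00" + b"\x00" * 8,
                       maintype="application", subtype="octet-stream",
                       filename="data.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample()
    print("line-prefix matches:", grep_prefix_hits(sample))
    print("decoded-part matches:", scan_message(sample))
```

Matching on the decoded signature also catches ordinary ZIP files, so a site that exchanges legitimate archives would quarantine on this result rather than reject outright.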