[plug] has anyone had any involvement with the "sober" virus?

Senectus . senectus at gmail.com
Fri May 20 12:55:19 WST 2005


It's the one that spams German propaganda via its own SMTP when infected.
I'm at a site that I *think* has been infected and I've started doing
what I can to halt it so I can track it and clean it..
I blocked port 25 on the firewall for anything other than the mail
server and I fully expected to see the logs filling up with "denies",
but the only denies I'm seeing are from my test runs of "telnet
mail.westnet.com.au 25" .... (it's been blocked for hours now)
It's making me think that I've missed something or the virus isn't
actually from here and that all the bounce messages are actually
spoofed addresses..
Any suggestions?


-- 
Ubuntu Hoary 5.04 
Our OS who art in CPU, LINUX be thy name. Thy programs run, thy
syscalls done, In kernel as it is in user!
http://www.modmeup.net
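
One way to test the spoofed-address theory raised in the post, as an added example that is not part of the original message: take a bounce, pull out the returned original, and compare the address in its top `Received:` line (the one written by the server that generated the bounce, so not forgeable by the sender) with the site's public range. The bounce text, host names and address ranges below are constructed, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Assumption: the site's public range (documentation addresses, constructed).
SITE_NETS = ["203.0.113.0/28"]

# Constructed bounce: the returned original was accepted from 198.51.100.77.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed.
--b1
Content-Type: message/rfc822

Received: from pc1 (unknown [198.51.100.77])
    by mx.example.net with SMTP; Fri, 20 May 2005 04:01:02 +0000
From: user@site.example
Subject: constructed sample

body
--b1--
"""

def returned_original(bounce):
    """Return the original message (or just its headers) embedded in a bounce."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload()[0]
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def submitting_ip(bounce_text):
    """IP that handed the original to the bouncing server (top Received line)."""
    orig = returned_original(email.message_from_string(bounce_text))
    received = orig.get_all("Received") if orig is not None else None
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return ipaddress.ip_address(match.group(1)) if match else None

def sent_from_site(bounce_text, nets=SITE_NETS):
    """True or False for a known submitting IP, None when it cannot be read."""
    ip = submitting_ip(bounce_text)
    return None if ip is None else any(ip in ipaddress.ip_network(n) for n in nets)
```

A `False` result across many bounces means the mail was submitted from elsewhere with the site's addresses forged as sender; `None` means the bounce did not return the original headers and cannot settle the question.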


