W32/Sobig.F virus header
Rabellino Sergio
rabellino at DI.UNITO.IT
Thu Aug 21 09:23:06 IST 2003
Dear julian,
these are lines from the NAI website
> The attachment must be run manually to infect the local system. Additionally, messages sent by the virus contain the following fields
>
> * X-MailScanner: Found to be clean
> * X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>
> The virus sends itself via its own SMTP engine, which requires an ESMTP server to send itself successfully. The virus does an MX lookup on the target domain (ie. when sending itself to user at domain.com, it sends though the servers specified in the MX record for domain.com).
:-) Are you going to be famous ? :-)
Bye.
--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
Member of the Internet Society
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
More information about the MailScanner
mailing list