Silent virus list

[Antony Stone]

On Friday 19 September 2003 1:32 pm, Martin Sapsed wrote:

> We've only seen 150 or so copies of Gibe-F so far and never had that
> many of the other family members before. It's interesting that Raymond
> has had over 5000 copies - do you have a huge user population Raymond?
> Our Informatics department (posh name for CompSci!) have their own
> e-mail system (don't they always? (no offence Julian! :-)) and they've
> seen a larger number of Gibe-F relative to our count that the 5% or so
> that they normally encounter. Suggests that it's not spreading
> particularly quickly but is quite prolific when it finds a victim?

I would agree with this idea that the distribution is quite erratic.

I run several domains on a single mail server, one of them had a *vast* flood
of Sobigs until last week, now one of the others is getting a moderate influx
of Dumaru, whilst another is getting a modest number of Gibes.   All the
other domains are just getting normal emails and spams, very few viruses.

Out of interest, after Sobig had died down at the weekend, I did some
statistics on where the ones I had seen had come from (by the source IP
address in the initial HELO connection to the mail server), and out of around
25,000 copies I received on the server, from about 200 different IP
addresses, over 50% of them came from just 4 machines.

One of them even carried on sending until yesterday, because its clock was
wrong and the Sobig code hadn't timed out.   I eventually got that one to
stop by contacting the abuse department at the ISP where the IP address lived.

Regards,

Antony.

--

The idea that Bill Gates appeared like a knight in shining armour
to lead all customers out of a mire of technological chaos
neatly ignores the fact that it was he who, by peddling
second-rate technology, led them into it in the first place.

 - Douglas Adams in The Guardian, August 25, 1995