Curious behaviour of MyDoom

Stanier, Alan M alan at ESSEX.AC.UK
Wed Feb 4 09:56:59 GMT 2004


Hi
 
We have two SMTP servers.
 
Our statistics show that roughly 2/3 of mail comes in through smtp0, and 1/3 through smtp1.
And until recently, 2/3 of the spam came in through smtp0, and 2/3 of the virus-infected mail, as I would expect.
 
But our logs show that about 50% of MyDoom-A is coming through smtp0, and 50% through smtp1. Has anyone else seen such behaviour? And can anyone explain why it happens ... I can only think that MyDoom gets the MX records of sites, and load balances between all the SMTP servers, but why?
 
Alan
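
An added example, not part of the original post: one way to check whether a given verdict's split across the MX relays really departs from the site's overall mail split, using a chi-square goodness-of-fit test. The `relay verdict` line format, the sample counts and all function names are constructed for illustration and are not MailScanner's log format.

```python
from collections import Counter, defaultdict

# Chi-square critical values at p = 0.001, keyed by degrees of freedom
# (number of relays minus one).
CRITICAL_P001 = {1: 10.828, 2: 13.816, 3: 16.266}

def tally(lines):
    """Count messages per verdict per relay from 'relay verdict' lines."""
    counts = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        relay, verdict = parts
        counts[verdict][relay] += 1
    return counts

def skewed_verdicts(counts):
    """Return {verdict: chi2} where the relay split departs from all mail."""
    total = Counter()
    for per_relay in counts.values():
        total.update(per_relay)
    relays = sorted(total)
    df = len(relays) - 1
    if df not in CRITICAL_P001:
        raise ValueError("need 2 to 4 relays for the built-in table")
    grand = sum(total.values())
    flagged = {}
    for verdict, per_relay in counts.items():
        n = sum(per_relay.values())
        chi2 = 0.0
        for relay in relays:
            # Expected count if this verdict followed the overall split.
            # The approximation assumes each expected count is at least 5.
            expected = n * total[relay] / grand
            chi2 += (per_relay[relay] - expected) ** 2 / expected
        if chi2 > CRITICAL_P001[df]:
            flagged[verdict] = round(chi2, 2)
    return flagged

def sample_log():
    """Constructed data: ordinary mail and spam split 2:1, MyDoom 1:1."""
    return (["smtp0 clean"] * 6000 + ["smtp1 clean"] * 3000 +
            ["smtp0 spam"] * 400 + ["smtp1 spam"] * 200 +
            ["smtp0 mydoom"] * 150 + ["smtp1 mydoom"] * 150)

if __name__ == "__main__":
    print(skewed_verdicts(tally(sample_log())))
```

A verdict that is flagged here is reaching the relays in a different proportion from mail sent by ordinary MTAs, which is consistent with a sender that picks among the MX hosts itself.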
 