MyDoom Countermeasures
Chris Yuzik
chris at FRACTALWEB.COM
Wed Jan 28 23:46:09 GMT 2004
Rose, Bobby wrote:
>You would think that the AV vendors would have posted this info when
>they deconstructed it. It also uses the domain name of the email
>address that it's sending to as the source system hostname.
>
Are you sure about this? I'm seeing a lot of messages coming in that
don't look like that's the case.
Can you provide an example so I know I'm looking at the right stuff?
> I had a
>postmaster using Declude AV software email me about the virus coming
>from us and I pointed out that the system hostname of the source machine
>being used wouldn't resolve to the IP address of the source machine. I
>guess he wasn't doing reverse lookups.
>
>
Thanks,
Chris
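
Added example, not part of the original thread: a sketch of how the two properties discussed above (HELO name equal to the recipient's domain, and HELO name not forward-resolving to the connecting IP) can be checked for one message. The Postfix-style `Received:` layout, the function names and the sample headers and DNS data are all assumptions constructed for illustration.

```python
import re
import socket

# Assumed Postfix-style "Received:" line: from <HELO name> (<rDNS> [<peer IP>])
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)")


def dns_lookup(hostname):
    """Forward-resolve a hostname to its set of IPv4 addresses (live DNS)."""
    try:
        return set(socket.gethostbyname_ex(hostname)[2])
    except OSError:
        return set()


def check_helo(received, rcpt, lookup=dns_lookup):
    """Report the two traits from the thread for one Received header.

    helo_is_rcpt_domain: HELO name equals the recipient's own domain.
    helo_matches_peer:   HELO name forward-resolves to the connecting IP.
    """
    m = RECEIVED_RE.search(received)
    if m is None:
        return None  # header is not in the assumed format
    helo = m.group("helo").lower().rstrip(".")
    rcpt_domain = rcpt.rsplit("@", 1)[-1].lower().rstrip(">")
    return {
        "helo": helo,
        "peer_ip": m.group("ip"),
        "helo_is_rcpt_domain": helo == rcpt_domain,
        "helo_matches_peer": m.group("ip") in lookup(helo),
    }


# Constructed sample data (documentation addresses, not real traffic).
SAMPLE_DNS = {"example.org": {"192.0.2.10"}, "mail.example.net": {"198.51.100.7"}}
SAMPLE_SUSPECT = ("from example.org (unknown [203.0.113.45]) "
                  "by mx.example.org with ESMTP id ABC123 for <alice@example.org>")
SAMPLE_NORMAL = ("from mail.example.net (mail.example.net [198.51.100.7]) "
                 "by mx.example.org with ESMTP id DEF456 for <alice@example.org>")


def sample_lookup(hostname):
    """Offline stand-in for DNS, backed by the constructed table above."""
    return SAMPLE_DNS.get(hostname, set())


if __name__ == "__main__":
    for hdr in (SAMPLE_SUSPECT, SAMPLE_NORMAL):
        print(check_helo(hdr, "alice@example.org", sample_lookup))
```

Passing `lookup=sample_lookup` keeps the check offline; omitting it uses live DNS through `socket.gethostbyname_ex`.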