[Gllug] Yet another M$ worm!

Ian Northeast ian at house-from-hell.demon.co.uk
Mon Sep 22 19:11:16 UTC 2003


Alain Williams wrote:
> 
> On Mon, Sep 22, 2003 at 07:23:12AM +0100, Christopher Hunter wrote:
> > Another worm exploiting the stupidity of most M$ "software" users has been
> > flooding my mailboxes -
> >
> > http://www.sophos.com/virusinfo/analyses/w32gibef.html
> >
> > This one seems to be a little more sophisticated than most, and appears to be
> > a patch issued by Microshaft!  It also disables some firewalls and
> > "anti-virus" software.  Expect your e-mail to really slow down over the next
> > few days!
> 
> Is it my imagination, or have we been having rather more of these in the last few
> months than before ?

Particularly since last Thursday when this "Swen" or "Gibe-f" one
started. This one is particularly virulent because it uses the ISP smart
host as found from the Outlook configuration on the infected machine,
and sends a single mail with hundreds of "RCPT To:" envelope headers,
and so makes the smart host do the hard work and deliver all the copies.
So a single infected PC can send more messages than it should be capable
of doing.

The upside of this behaviour is that it's easy to see where the message
originated, so, if the ISPs do their jobs properly, they should get
cleaned up pretty quickly.

It's bloody annoying ATM though.

Regards, Ian

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list