Full Disclosure mailing list archives

Re: SoBig.F strange problem


From: Jeremiah Cornelius <jeremiah () nur net>
Date: Wed, 20 Aug 2003 10:44:21 -0700

Mike Vasquez wrote:

I've seen a handful with no attachment and checked my logs -- none was
stripped on my end...


----- Original Message -----
From: "Steve Bremer" <steveb () nebcoinc com>
To: <full-disclosure () lists netsys com>

We've noticed a few problems with it as well.  We've received a few
e-mails with one of the typical Sobig subject lines, only no
attachment.  The attachment headers are in the e-mail, so our MUA
thinks there is an attachment, but there is just no "body" to the
attachment.

Either there are a few broken variants out there sending out e-mail
without the payload, or something in-between us and the sender is
stripping out the attachment.  It isn't our AV system, since it would
quarantine the entire message.

Has anyone else experienced this?

Steve Bremer

Funny, if they were stripped outbound, by the victim's gateway. Like a "Roach Motel." Is this a possibility - they don't get a sig on the attach - but strip outbound at the gateway for size?



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
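
The symptom described in the quoted message (attachment headers present, but no attachment body) can be checked for in a saved message. The following is an added example, not part of the original thread; the sample messages, addresses, boundary and filename are constructed, and the function names are hypothetical.

```python
import email
from email import policy


def build_sample(body_b64: str) -> bytes:
    """Constructed message; addresses, boundary and filename are placeholders."""
    return (
        "From: sender@example.com\n"
        "To: rcpt@example.com\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="BOUND"\n'
        "\n"
        "--BOUND\n"
        "Content-Type: text/plain\n"
        "\n"
        "Constructed body text.\n"
        "--BOUND\n"
        'Content-Type: application/octet-stream; name="sample.bin"\n'
        "Content-Transfer-Encoding: base64\n"
        'Content-Disposition: attachment; filename="sample.bin"\n'
        "\n"
        f"{body_b64}"
        "--BOUND--\n"
    ).encode("ascii")


def find_empty_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, content type) for each part that declares an
    attachment but decodes to zero bytes (hypothetical helper name)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # A part counts as a declared attachment if it has an attachment
        # disposition or carries a filename / name parameter.
        declared = (part.get_content_disposition() == "attachment"
                    or part.get_filename() is not None)
        if not declared:
            continue
        payload = part.get_payload(decode=True)  # undoes base64 / QP
        if payload is None or not payload.strip():
            hits.append((part.get_filename() or "(unnamed)",
                         part.get_content_type()))
    return hits


if __name__ == "__main__":
    for label, body in (("empty", ""), ("intact", "aGVsbG8gd29ybGQ=\n")):
        print(label, find_empty_attachments(build_sample(body)))
```

A hit only shows that the body was already missing at the point where the message was saved; it does not say which hop removed it.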

