Message-ID: <3F43B375.1040002@nur.net>
From: jeremiah at nur.net (Jeremiah Cornelius)
Subject: SoBig.F strange problem

Mike Vasquez wrote:

>I've seen a handful with no attachment and checked my logs -- none was
>stripped on my end...
>
>
>----- Original Message ----- 
>From: "Steve Bremer" <steveb@...coinc.com>
>To: <full-disclosure@...ts.netsys.com>
>
>  
>
>>We've noticed a few problems with it as well.  We've received a few
>>e-mails with one of the typical Sobig subject lines, only no
>>attachment.  The attachment headers are in the e-mail, so our MUA
>>thinks there is an attachment, but there is just no "body" to the
>>attachment.
>>
>>Either there are a few broken variants out there sending out e-mail
>>without the payload, or something in-between us and the sender is
>>stripping out the attachment.  It isn't our AV system, since it would
>>quarantine the entire message.
>>
>>Has anyone else experienced this?
>>
>>Steve Bremer
>>    
>>
Funny, if they were stripped outbound, by the victim's gateway.  Like a 
"Roach Motel."  Is this a possibility - they don't get a sig on the 
attach - but strip outbound at the gateway for size?
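
A check for the condition described in the quoted report (attachment headers present, but no "body" to the attachment), as an added example that is not part of the original thread. It uses Python's standard `email` package; the sample message, its addresses, boundary and filename are constructed for illustration.

```python
from email import message_from_bytes, policy


def find_empty_attachments(raw: bytes) -> list:
    """Return (filename, content type) for each attachment part with no payload."""
    msg = message_from_bytes(raw, policy=policy.default)
    hollow = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # The headers alone make an MUA show an attachment, so test those first.
        declared = (part.get_content_disposition() == "attachment"
                    or part.get_filename() is not None)
        if not declared:
            continue
        # decode=True undoes base64/quoted-printable; None or b"" means no body.
        payload = part.get_payload(decode=True) or b""
        if not payload.strip():
            hollow.append((part.get_filename() or "", part.get_content_type()))
    return hollow


def build_sample(attachment_b64: str) -> bytes:
    """Constructed test message; every value in it is made up."""
    lines = [
        "From: sender@example.com",
        "To: rcpt@example.com",
        "Subject: constructed sample",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="CONSTRUCTED"',
        "",
        "--CONSTRUCTED",
        "Content-Type: text/plain; charset=us-ascii",
        "",
        "constructed body text",
        "--CONSTRUCTED",
        'Content-Type: application/octet-stream; name="constructed.bin"',
        "Content-Transfer-Encoding: base64",
        'Content-Disposition: attachment; filename="constructed.bin"',
        "",
        attachment_b64,
        "--CONSTRUCTED--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


if __name__ == "__main__":
    print(find_empty_attachments(build_sample("")))          # hollow attachment
    print(find_empty_attachments(build_sample("aGVsbG8=")))  # intact attachment
```

Run against the same message as logged at each hop (inbound gateway, AV stage, mailbox), the check shows where the attachment body was last present.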



