rich text

Where is the kaboom? It was supposed to go kaboom!

In with all of the email we’ve been receiving because of the sobig
virus and variants was this gem:

Date: Thu Aug 21 11:22:53 2003
To: <faq@e-smith.com>
From: postmaster@alna.lt
Subject: Network Associates Webshield -  e-mail Content Alert

Network Associates WebShield SMTP V4.5 MR1a on mars intercepted a mail
from <faq@e-smith.com> which caused the Content Filter <*.pif> unallowed
attachment to be triggered.

Long ping times though.

Rich

8 responses to “Where is the kaboom? It was supposed to go kaboom!”

  1. I just received something like 14 of those horrible viruses in a row, “Re; ….” with the .pif attachment. ugh. *hate it*
    You obviously weathered the blackout. That was fun.

  2. Yeah, but I bet yours were all from Earth!

    Yep, the blackout was interesting indeed. The life-or-death part worked out fine — we lost no fish! I learned two important lessons, though. I promised myself I would not post about the blackout so I will convey them here instead:

    • Three of the six plugs on the UPS are not battery-backed. Should probably use the ones that are, instead.
    • While a cordless phone is useful day-to-day, it stops being useful when the only power available is 48VDC from a phone jack.

    Oops. :-)

  3. Also,

    # drop sobig
:0 
* ^Subject: (Your details)|(Thank you!)|(Re: Thank you!)|(Re: Details)|(Re: Re: My details)|(Re: Approved)|(Re: Your application)|(Re: Wicked screensaver)|(Re: That movie)|(Attachment:)
* ^X-MailScanner: Found to be clean
* ^X-Mailer: Microsoft Outlook
* ^X-MSMail-Priority:
* !^X-MimeOLE:
* ^Content-Type: multipart/mixed;
/dev/null

  6. Yep. I have just moved my firewall from freebsd to openbsd. Guess what was plugged into the UPS and what wasn’t? *oops* old firewall box was still running but…

  8. New one floating about.

    # drop patch.exe
:0 
* ^Subject: Use this patch immediately
* !^X-Mailer:
* !^X-MimeOLE:
* ^Content-Type: multipart/mixed;boundary="xxxx"
/dev/null