It appears that a new variant of Bagle/Beagle is out -- up to version
P by McAfee's counting. This new one adds a new bogus From address,
e.g. [log in to unmask] The mail team is looking into restoring
the known ID blocking. (The mail team is also looking at a more
general solution, as suggested I think here by John Valenti:
check to see if a From mailbox exists and block delivery when
it doesn't.)
/rich
>Has this blocking been dropped? My department just got hit this morning with a
> flood of these from [log in to unmask], [log in to unmask], etc. (I identified the
> computer from its IP, and sent email to the user as well as the IP
> administrator.)
>
>At 01:18 PM 3/3/2004, Rich Wiggins wrote:
>>The mail team is now blocking mail from sending addresses known
>>to be bogus and used by the worm:
>>
>>[log in to unmask]
>>[log in to unmask]
>>[log in to unmask]
>>[log in to unmask]
>
>
>--Chris
>==============================================
>Chris Wolf Computer Service Manager
>Agricultural Economics [log in to unmask]
>Michigan State University 517 353-5017
|