[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnubg] sobig versus gnu.org mail
From: |
Jim Segrave |
Subject: |
Re: [Bug-gnubg] sobig versus gnu.org mail |
Date: |
Thu, 4 Sep 2003 15:25:38 +0200 |
User-agent: |
Mutt/1.4.1i |
On Thu 04 Sep 2003 (13:12 +0000), Joern Thyssen wrote:
> On Wed, Sep 03, 2003 at 10:25:34PM +0200, Jim Segrave wrote
> >
> >
> > geduld is een schone zaak.
> > (patience is a virtue)
> >
> > It's not that bad, you sent it to gnu.org at 19:13:42 GMT
> > It took 2 hrs 10 minutes to get through the inbound mail handler and
> > spam scanner to the list exploder.
> > It took 23 hours to get back out again
> >
> > This will be gnu.org getting thousands of sobig mails from people who
> > at some point have mailed any of the lists hosted there and who now
> > have sobig and haven't fixed it.
>
> The Danish edition of Computer World has some virus and mail statistics
> every week. In the last edition their statistics claimed that close to
> 50% of all mail sent that week was Sobig/W32!!!
>
> No wonder the mailing server is down to it's knees!
We're seeing about an 80% increase, although the peak was just over
double the usual mail volumes to our NL customers.
A machine holding lots of mailings lists is particularly vulnerable,
as any infected machine which has a list subscription will both send a
lot of emails to the list server and a lot of emails with the list
address as the forged from. There are a huge number of broken virus
scanners out there which will then send a delivery failure/you have a
virus message back to the list server.
For those who haven't seen the effects, a single infected machine from
a customer of Demon UK had our NL hostmaster, webmaster and postmaster
addresses, all of which I see. I counted 165 emails from that machine
to those addresses in about 24 hours before the UK managed to get it
shut off (we're a lot more heavy handed here).
--
Jim Segrave address@hidden