As everyone probably knows, there is a pretty large outbreak going on
right now. According to our mail filters at http://aves.f-prot.com,
10.56% of all filtered E-mail contains W32/Sober(_dot_)J(_at_)mm(_dot_) In
addition,
there is a significant number of bounces as well.
We've reached 1.5 GB an hour of this s**t since Tuesday. Only our AV
calls it Sober(_dot_)I(_at_)mm(_dot_)
I agree, bounces are the very evil of the net itself.
Where I'd have to disagree is here:
> * Doing SPF checking will block the vast majority of the worms, but it
> will not help with the bounces or the filter alerts.
It may block the vast majority of current worms, but I doubt it would
stop the tide for long.
VX-ers will find other ways of abusing infected victims.. they might
even send out email using the user's own email account and/or email client.
As long as there are huge drone armies out there, and their likes - I
don't see how spam solutions today would really work as people hope.
They will help reduce the numbers by a 0 or two though (if widely
implemented in a reasonable period of time). I may actually get hundreds
instead of thousands of spam messages a day.
Gadi.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg