asterisk users - Aug 2003 - [OT] Virus propagation by asterisk user member.

Sorry to air this in public, but sometimes people need to be publicly
shamed.

"Frej Jensen" <frej@legespace.dk> 
This user is spewing the sobig worm around the net. I have received over
20 messages so far today. Most to me at both my former address, and my
current address. I matched the IP address from my mail servers logs to
his cable modem address used when posting a message to this list on July
25th. 

If users persist in having unsafe computing tendencies like using
windows, please remove them from the network.

BTW, this is a good reason for having long running personal archives of
the mailing lists you belong to. A fairly easy grep command across my
mail directory found the person responsible when from/to addresses are
forged. 

-- 
Steven Critchfield  <critch@basesys.com>

I've gotten a lot of unwanted, unsolicited mail today as well.  Most 
probably with the subject line "wicked screensaver".  I guess the bad
guys
are mining the asterisk list.  Guess I'll have to play with iptables and 
the mirror arguement.
AJ



On Tue, 19 Aug 2003, Steven Critchfield wrote:
> Sorry to air this in public, but sometimes people need to be publicly
> shamed.
> 
> "Frej Jensen" <frej@legespace.dk> 
> This user is spewing the sobig worm around the net. I have received over
> 20 messages so far today. Most to me at both my former address, and my
> current address. I matched the IP address from my mail servers logs to
> his cable modem address used when posting a message to this list on July
> 25th. 
> 
> If users persist in having unsafe computing tendencies like using
> windows, please remove them from the network.
> 
> BTW, this is a good reason for having long running personal archives of
> the mailing lists you belong to. A fairly easy grep command across my
> mail directory found the person responsible when from/to addresses are
> forged. 
> 
>