Summersault
Home About Us Services Portfolio Community Support
Database Driven Websites
community home
local community
partner community
online community
weblog


Archives: Categories: Authors:

 

Summersault Weblog

« A Few Things About Tiger
Firefox is Gaining Ground on Internet Explorer »

Sober.P Worm hits

Posted by Chris Hardie on May 4th, 2005

The Sober.P worm, which spreads itself through infected e-mail attachments, seems to be hitting the U.S. fairly hard this week. I just noticed that it started coming into Summersault’s mail servers en masse - at least compared to our normal virus load - earlier this week.

Worm Graph

This graph, which is updated on the left side, shows the sudden influx of virus traffic - up to 64 infected messages every 5 minutes, beginning about mid-day Monday.

Of course, one of the resulting joys in my life is that I get to craft fun “track it down” mail log parsing statements, like

grep Sober.P /var/log/clamav/clamd.log | grep hedwig | cut -d’/’ -f6 | tail -2500 | xargs grep -B1 ‘by nollie’ | grep HELO | cut -d’ ‘ -f 6 | sort | uniq -c | sort -rn | head -200

I guess the real joy is all the Summersault clients with mail accounts that aren’t seeing those thousands of viruses come into their inbox.

This entry was posted on Wednesday, May 4th, 2005 at 2:59 pm and is filed under Sysadmin / Hosting. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Did you find this entry interesting or useful? Please tell us about it!

Leave a Reply

The opinions expressed by individuals posting in the Summersault Weblog are not necessarily those of Summersault, LLC. While we try to insure the quality and accuracy of the information presented here, we make no guarantees about its suitability for any particular purpose.
email us info@summersault.com      call us 765.939.9301 Print This Page search go