[TCLUG] Annoying worm

Mon Sep 8 10:48:50 CDT 2003

On Mon, Sep 08, 2003 at 10:25:52AM -0500, Peter Clark wrote:
> I've been getting a "security announcement" from "Microsoft" saying
> that I should install a patch yada yada yada. Fortunately, my email
> host strips out the attachment, but it's starting to get annoying.
> Looking at the headers, it looks as though it's coming from
> c-67-167-47-217.client.comcast.net [67.167.47.217], so I'm guessing
> that someone's got a wormed computer on a cable modem. Suggestions?

# Standard scoring filter for procmail
:0
* -99^0
* 100^1 ^Content-type:.*(word|excel|\.pif|\.scr|\.com)
* 100^1 ^Received.*c-67-67-47-217.client.comcast.net
*  50^1 security announcement
*  25^1 microsoft
*   0^0 ^Message-Id: \/.*
{
	LOG="Killed Message-Id: $MATCH"

	:0
	/dev/null
}

-- 
Chad Walstrom <chewie at wookimus.net>           http://www.wookimus.net/
           assert(expired(knowledge)); /* core dump */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20030908/cd9bff60/attachment.pgp