Comments on Joel Esler: Procmail rule for the Storm Worm

Joel Esler (2008-01-06T11:43:00.000-05:00):
The rule is merely filtering out the thousands of emails that storm sends out. By sending those emails to dev/null, maybe no one can click on them. Of course every variant of the storm worm will be different, but this is a start.

Cd-MaN (2008-01-06T11:31:00.000-05:00):
Hmmm, AFAIK Storm sends the e-mails from infected PCs ("bots"), so looking at the domains corresponding to the reverse-dns'd IP isn't useful since it is a very diverse and ever-growing list?

Or maybe I misunderstood and you were referring to the domains of the spoofed "from" fields...