Yes, that is true...that is why I am using Anti-Spam software to preview all messages directly on the server before downloading them or deleting them. It is recommended that if you are using a server-based Ant-Spam program, like Spam Assassin, that you flag the messages as SPAM (based on intelligent filters and lists - black and friends) rather than deleting them outright.
UPDATE ON SOBIG: The SoBig virus seems to be more evil than security analyst originally thought. It looks like those computers that are still infected by a certain date will send requests to 20 different servers worldwide to download an "unknown program" to the infected computers.
http://story.news.yahoo.com/...ch_internet_virus_dc
So, it's important for all Internet users to make sure that they use Anti-Spam, Firewalls (at the email server level to block IPs), etc.
BTW: The Internet Security Systems (ISS) group has identified possibly IP Addresses of the 20 computers:
-----------------------------------------
Computers infected with the Sobig.F worm are programmed to automatically download an executable of unknown function from a hard-coded list of servers at 19:00 UTC (3:00pm EDT) X-Force is recommending wholesale outbound filtering of the following IP addresses:
67.73.21.6
68.38.159.161
67.9.241.67
66.131.207.81
65.177.240.194
65.93.81.59
65.95.193.138
65.92.186.145
63.250.82.87
65.92.80.218
61.38.187.59
24.210.182.156
24.202.91.43
24.206.75.137
24.197.143.132
12.158.102.205
24.33.66.38
218.147.164.29
12.232.104.221
68.50.208.96
The request method uses UDP port 8998. X-Force also recommends that this port be filtered outbound.
-----------------------------------------
Hope this helps.
========================================
Buh Bye!
Cheers,
Me
UPDATE ON SOBIG: The SoBig virus seems to be more evil than security analyst originally thought. It looks like those computers that are still infected by a certain date will send requests to 20 different servers worldwide to download an "unknown program" to the infected computers.
http://story.news.yahoo.com/...ch_internet_virus_dc
So, it's important for all Internet users to make sure that they use Anti-Spam, Firewalls (at the email server level to block IPs), etc.
BTW: The Internet Security Systems (ISS) group has identified possibly IP Addresses of the 20 computers:
-----------------------------------------
Computers infected with the Sobig.F worm are programmed to automatically download an executable of unknown function from a hard-coded list of servers at 19:00 UTC (3:00pm EDT) X-Force is recommending wholesale outbound filtering of the following IP addresses:
67.73.21.6
68.38.159.161
67.9.241.67
66.131.207.81
65.177.240.194
65.93.81.59
65.95.193.138
65.92.186.145
63.250.82.87
65.92.80.218
61.38.187.59
24.210.182.156
24.202.91.43
24.206.75.137
24.197.143.132
12.158.102.205
24.33.66.38
218.147.164.29
12.232.104.221
68.50.208.96
The request method uses UDP port 8998. X-Force also recommends that this port be filtered outbound.
-----------------------------------------
Hope this helps.
========================================
Buh Bye!
Cheers,
Me