Topic: New Virus - WARNING
Mark Ardito
From: Chicago, IL, USA
|
Posted 20 Aug 2003 5:45 am
|
|
Another Trojan-Horse is hitting a TON of people.
It is called "SoBig" or W32.Sobig.F@mm
The subject of the email will be:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
The attachment will be:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
DO NOT OPEN THIS.
Please read here for more details.
Thanks!
Mark
------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com
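An added example, not part of the original thread or any poster's code: a mail check in Python that flags a message carrying one of the subjects or attachment names listed in the first post and, going one step beyond that list, any `.pif` or `.scr` attachment. The function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subjects and attachment names exactly as listed in the post above.
SUBJECTS = {s.lower() for s in (
    "Re: Details", "Re: Approved", "Re: Re: My details", "Re: Thank you!",
    "Re: That movie", "Re: Wicked screensaver", "Re: Your application",
    "Thank you!", "Your details")}
ATTACHMENTS = {
    "your_document.pif", "document_all.pif", "thank_you.pif",
    "your_details.pif", "details.pif", "document_9446.pif",
    "application.pif", "wicked_scr.scr", "movie0045.pif"}
# Generalisation (assumption of this example): treat any .pif/.scr attachment
# as suspect, since both file types are directly executable on Windows.
EXECUTABLE_EXTENSIONS = (".pif", ".scr")

def _norm(value):
    """Collapse whitespace and lowercase so folding or case cannot dodge a match."""
    return " ".join(str(value or "").split()).lower()

def check_message(raw):
    """Return the reasons a raw RFC 5322 message matches the listed indicators."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if _norm(msg["Subject"]) in SUBJECTS:
        reasons.append("subject")
    for part in msg.walk():  # walk() also reaches attachments in nested parts
        name = _norm(part.get_filename())
        if name in ATTACHMENTS:
            reasons.append("listed-attachment:" + name)
        elif name.endswith(EXECUTABLE_EXTENSIONS):
            reasons.append("executable-attachment:" + name)
    return reasons

def should_quarantine(raw):
    """Quarantine on an attachment hit; a subject such as 'Thank you!' is too common alone."""
    return any(not r.startswith("subject") for r in check_message(raw))

def build_sample(subject, filename=None):
    """Constructed test message; addresses and payload bytes are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "reader@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed test body")
    if filename:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

The check deliberately ignores the From header, which later posts in the thread note is forged by the worm.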
|
|
|
|
CrowBear Schmitt
From: Ariege, - PairO'knees, - France
|
|
|
|
Mark Ardito
From: Chicago, IL, USA
|
Posted 20 Aug 2003 9:39 am
|
|
I got 562 this morning! Yep, that is right...562!
Mark
------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com
|
|
|
|
Jay Ganz
From: Out Behind The Barn
|
Posted 20 Aug 2003 11:33 am
|
|
I already changed my Forum email address to
an online webmail site so the emails aren't
put on my hard drive. My Norton detected
the above mentioned viruses with no problem,
but who wants to take a chance. It seems
every time this sorta thing happens, it's
through the Forum (unfortunately).
|
|
|
b0b
From: Cloverdale, CA, USA
|
Posted 20 Aug 2003 12:08 pm
|
|
Actually, it's not "through the Forum". It's through people who have built large address books by corresponding with Forum members.
There has never been an instance of the Forum or a Forum moderator distributing a virus to Forum members. The Forum computer itself runs under Linux and is locked down very tight. Only one of my computers has an email client on it, and I only run that twice a month to archive mail when my web-based mailboxes get full. And I never run Microsoft Outlook Express, the #1 program used to distribute viruses.
In other words, it's nearly impossible for a virus to be distributed via the Forum computers.
------------------
Bobby Lee
-b0b- quasar@b0b.com
System Administrator
|
|
|
|
CrowBear Schmitt
From: Ariege, - PairO'knees, - France
|
Posted 20 Aug 2003 1:33 pm
|
|
i got 25 more
no forumites seem to be the origin of this stuff
|
|
|
|
Jeff A. Smith
From: Angola,Ind. U.S.A.
|
Posted 20 Aug 2003 8:18 pm
|
|
I'm glad I finally got around to deleting my address book, and putting everything on a Word document and disc.
b0b, it's reassuring to have a bona fide "expert" in charge here.
|
|
|
Jay Ganz
From: Out Behind The Barn
|
Posted 21 Aug 2003 5:42 am
|
|
I got rid of my address book also
awhile back. Now I wish any forumites
with a giant list of addresses would
do the same! At least it's good to
know the Forum itself is protected.
|
|
|
b0b
From: Cloverdale, CA, USA
|
Posted 21 Aug 2003 7:43 am
|
|
From the Sophos page about Sobig-F:
Quote:
When it distributes itself via email it forges the sender's email address, making it difficult to know who is truly infected.
------------------
Bobby Lee
-b0b- quasar@b0b.com
System Administrator
|
|
|
|
Ken Lang
From: Simi Valley, Ca
|
Posted 21 Aug 2003 7:24 pm
|
|
There needs to be some big time global penalties for the whiz kids and the serious disrupters. For the latter, 5 years hard time with no electricity, not even a light in their cell.
For the former, 5 years of strict banjo lessons followed by 5 years of accordion lessons. By that time, computer code will have passed them by and they'll either have to play "Lady of Spain" in 2/4 time somewhere in the South or Earl Scruggs songs in Italy.
|
|
|
Al Marcus
From: Cedar Springs,MI USA (deceased)
|
Posted 21 Aug 2003 9:04 pm
|
|
Hey b0b, what can we use in place of Outlook express and still keep our contacts up?...Thanks....al
------------------
My Website..... www.cmedic.net/~almarcus/
|
|
|
|
Jeff Agnew
From: Dallas, TX
|
Posted 22 Aug 2003 3:29 am
|
|
Quote:
what can we use in place of Outlook express and still keep our contacts up?
Any full-featured, dedicated mail client. Three excellent candidates are: Poco, The Bat, and Pegasus. The first two are commercial products, Pegasus is free. Poco and The Bat are well worth the minimal cost, however. Neither can be victimized by common address book or e-mail exploits like Lookout Express. Both disable HTML and Javascript in e-mail messages by default. They are highly configurable and can handle multiple accounts with ease.
Although some folks swear by the Netscape/Mozilla mail client, I've found it quite limited compared to a standalone e-mail program.
|
|
|
Jimmy Lewis
From: Harrisonburg, Louisiana, USA
|
Posted 22 Aug 2003 6:52 am
|
|
Eudora is another good mail client. They have a free version of the program on their web site.
|
|
|
Earnest Bovine
From: Los Angeles CA USA
|
Posted 22 Aug 2003 7:30 am
|
|
Eudora and Pegasus seem very nice.
They let us import our address book from Netscape v4.7x.
But they seem to lack a feature which our household requires: "Add sender to address book" with a mouse click or 2. Correct me if I'm wrong.
|
|
|
Ron Page
From: Penn Yan, NY USA
|
Posted 22 Aug 2003 9:24 am
|
|
I don't have but a few of y'all's e-dress in my Outlook Express address book. My first impression about the idea of getting rid of the address book was, "Yeah, and I'll go back to using the function keys instead of a mouse too."
However, on second thought, it might be a reasonable alternative to keep the addresses in a Word file on the desktop and not provide a potential re-transmission point for a virus. I'll take that under advisement.
On the other hand, I've become almost fanatical about applying the XP updates and Norton Live Updates. I also enable the XP Pro firewall. I don't want to succumb completely to the hackers, and that address book is mighty convenient.
Thanks for the heads-up on this one. I had a few in the Inbox last night at home; all scrubbed clean by Norton Anti-Virus.
------------------
HagFan
[This message was edited by Ron Page on 22 August 2003 at 10:25 AM.]
|
|
|
Donny Hinson
From: Glen Burnie, Md. U.S.A.
|
Posted 22 Aug 2003 10:08 am
|
|
Could it be most people are too busy (lazy?) to actually write down someone's e-mail address, and then type it in every time they want to send something? This would all but eliminate this type of thing. Is it so much trouble? Do most of us regularly send e-mails to hundreds of people each day, so that we could actually say we need this feature? Maybe b0b. But everyone else? Somehow, I doubt it.
Yeah, I know, it's really convenient to use the popular (Microsoft or AOL) e-mail clients with their "address book" feature. But if you continue to "leave the front door open", the hackers will keep "walkin' in".
|
|
|
Jeff A. Smith
From: Angola,Ind. U.S.A.
|
Posted 22 Aug 2003 8:33 pm
|
|
Well, I've received a couple of delivery failure notifications that the virus has forged my e-mail address and tried to infect a couple of e-mail addresses I've never heard of.
Did a full scan with Norton which checked out okay. So far I haven't received any notice that it's tried to hit me personally. I don't know if the fact that my address has been forged means it actually has contacted me in some way.
Something that seemed goofy to me: One of the notifications (which is long and official-looking) had an accompanying attachment which was supposed to have more information. Needless to say, I felt I had enough knowledge already.
[This message was edited by Jeff A. Smith on 22 August 2003 at 09:38 PM.]
|
|
|
b0b
From: Cloverdale, CA, USA
|
Posted 22 Aug 2003 10:08 pm
|
|
I use register.com's email service. No mail client is necessary, and I can read my mail on any computer that's connected to the internet, through any browser. It costs $30/year, but you have to have a domain registered with them for it to work.
------------------
Bobby Lee
-b0b- quasar@b0b.com
System Administrator
|
|
|
|
Mark Ardito
From: Chicago, IL, USA
|
Posted 23 Aug 2003 5:16 am
|
|
Jeff A. Smith,
That delivery failure means just what you said it does. Your address was "spoofed" and it sent an email to a bad address. It was returned to you because your address was the sender (not really). You are not infected. Keep updating your Virus Scan definitions and your Windows Updates.
Mark
|
|
|
|
Jeff A. Smith
From: Angola,Ind. U.S.A.
|
Posted 23 Aug 2003 9:24 am
|
|
Thanks Mark. I've been reading your tips on viruses, and see your willingness to help others. I appreciate it.
|
|
|
Mark Ardito
From: Chicago, IL, USA
|
Posted 25 Aug 2003 4:56 am
|
|
Jeff,
I appreciate the kind words! This is the way I look at it...I learn SO much from this forum about the PSG and playing and technique and I can go on and on! So I think that whatever I can give back to the forum is just the right thing to do.
Thanks!
Mark
------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com
|
|
|
|
forrest klott
From: Grand Rapids Mi USA
|
Posted 25 Aug 2003 10:01 am
|
|
I've been getting a TON of these since Thursday, including some from some Forum members...in this instance, would it be permissible to put a small post in all of the other topics of this Forum directing people to this posting so they know (if not already) what to do and not to do as far as this virus goes?? I thought about it, but wasn't sure if that was permissible.
Skeeter Klott
|
|
|
b0b
From: Cloverdale, CA, USA
|
Posted 25 Aug 2003 11:29 am
|
|
I'm getting a lot of them too. Keep in mind that the "From" field is a lie. I wouldn't want to spread panic by putting it in all of the Forum sections.
I did put a notice about it in Feedback and Testing. I think that two notices is enough.
------------------
Bobby Lee
-b0b- quasar@b0b.com
System Administrator
|
|
|
|
Jim Smith
From: Midlothian, TX, USA
|
Posted 25 Aug 2003 11:36 am
|
|
One other thing to watch out for. I haven't received this virus myself (yet), but have received a returned message with it attached. Apparently it spoofed my "from" address, so it was returned to me when the recipient didn't exist. Norton did its job of catching it, as usual.
|
|
|
Marco den Hertog
From: Amersfoort, The Netherlands
|
Posted 3 Sep 2003 3:22 am
|
|
it's a nasty little sucker, cause on the machine infected it reproduces itself by sending itself to every name in the addressbook from every name in the addressbook
meaning if you got a 100 names addressbook
it will send 100 x 100 emails to spread around !!
if the next that receives such a mail clicks the darn attach. and his addressbook has a 100 well you can figure it out i guess
after a week of no more sobigs today it started to come in here again.
as it is set to selfdestruct on 10th of sept. i guess we'll be havin this problem for a few more days !!
BTW: my vote goes to Pegasus mail (http://www.pmail.com), been using it for more than 4 years now and i must say less problems with viruses attacking my address book..
[This message was edited by Marco den Hertog on 03 September 2003 at 04:23 AM.]
|
|
|