Thread overview
sobig virus
Aug 25, 2003
Walter
Aug 26, 2003
John Reimer
Aug 26, 2003
Greg Peet
Aug 26, 2003
Walter
Aug 26, 2003
Greg Peet
Aug 26, 2003
Greg Peet
Aug 26, 2003
Walter
Sep 22, 2003
Steve Topilnycky
Aug 26, 2003
gf
Sep 08, 2003
Ilya Minkov
August 25, 2003
A lot of people are getting the sobig virus with a forged return address saying it is from me. Hence, I am getting a lot of emails from people upset about receiving the virus from me. The virus is not coming from me, there is nothing I can do about forged return addresses.


August 26, 2003
Walter wrote:
> A lot of people are getting the sobig virus with a forged return address
> saying it is from me. Hence, I am getting a lot of emails from people upset
> about receiving the virus from me. The virus is not coming from me, there is
> nothing I can do about forged return addresses.
> 
> 

Ouch! I feel your pain.  All these people have to do, I think, is look at the message source to see that the return address is forged.

Later,

John

August 26, 2003
So then is there some ass on this newsgroup server that is listing email addy's and then sending it? Or are the attacks aimed at people outside this small collection of Martians?

I bet I'm next on the list for calling him/her an "ass" LOL.

"Walter" <walter@digitalmars.com> wrote in message
news:bie4cu$2e08$3@digitaldaemon.com...
| A lot of people are getting the sobig virus with a forged return address
| saying it is from me. Hence, I am getting a lot of emails from people upset
| about receiving the virus from me. The virus is not coming from me, there is
| nothing I can do about forged return addresses.
|
|


August 26, 2003
"Greg Peet" <admin@REMOVEMEgregpeet.com> wrote in message news:bif5c9$vci$1@digitaldaemon.com...
> So then is there some ass on this newsgroup server that is listing email addy's and then sending it? Or are the attacks aimed at people outside this small collection of Martians?

My email address must be well known, because I am sent the sobig worm several hundred times a day. It gets rejected by the ever-vigilant Digital Mars mail server (thanks, Jan!) before it ever reaches me, but still it consumes a lot of bandwidth at 100k a message.


August 26, 2003
"Walter" <walter@digitalmars.com> wrote in message
news:bif661$10gs$1@digitaldaemon.com...
| My email address must be well known, because I am sent the sobig worm
| several hundred times a day. It gets rejected by the ever-vigilant Digital
| Mars mail server (thanks, Jan!) before it ever reaches me, but still it
| consumes a lot of bandwidth at 100k a message.

Good lord! What exactly is it? Is it an attachment of some script form or object code? I did a search and didn't find much on it.

Just recently some idiot has been posting messages to newsgroups (comp.lang.c and comp.lang.c++) w/ an attachment of some type of amateur virus I assume (the files are .src exes). I did a simple message trace and found the poster originating from the University of Wisconsin.

Are all your attacks coming from free-mailer facilities?


August 26, 2003
Meant ".scr" for screensaver, not ".src"...

"Greg Peet" <admin@REMOVEMEgregpeet.com> wrote in message
news:bifc3v$19jk$1@digitaldaemon.com...
| "Walter" <walter@digitalmars.com> wrote in message
| news:bif661$10gs$1@digitaldaemon.com...
| | My email address must be well known, because I am sent the sobig worm
| | several hundred times a day. It gets rejected by the ever-vigilant Digital
| | Mars mail server (thanks, Jan!) before it ever reaches me, but still it
| | consumes a lot of bandwidth at 100k a message.
|
| Good lord! What exactly is it? Is it an attachment of some script form or
| object code? I did a search and didn't find much on it.
|
| Just recently some idiot has been posting messages to newsgroups
| (comp.lang.c and comp.lang.c++) w/ an attachment of some type of amateur
| virus I assume (the files are .src exes). I did a simple message trace and
| found the poster originating from the University of Wisconsin.
|
| Are all your attacks coming from free-mailer facilities?
|
|


August 26, 2003
"Greg Peet" <admin@REMOVEMEgregpeet.com> wrote in news:bif5c9$vci$1@digitaldaemon.com:

> So then is there some ass on this newsgroup server that is listing email addy's and then sending it? Or are the attacks aimed at people outside this small collection of Martians?
> 
> I bet I'm next on the list for calling him/her an "ass" LOL.


Probably is the nature of the virus. I believe I read at Symantec that the virus aggressively gathers information on the infected computer and sends emails impersonating the emails it finds.

Maybe reading Symantec's dissection on the virus may bring light...

~/gnf.pt
August 26, 2003
"Greg Peet" <admin@REMOVEMEgregpeet.com> wrote in message news:bifc3v$19jk$1@digitaldaemon.com...
> "Walter" <walter@digitalmars.com> wrote in message
> news:bif661$10gs$1@digitaldaemon.com...
> | My email address must be well known, because I am sent the sobig worm
> | several hundred times a day. It gets rejected by the ever-vigilant Digital
> | Mars mail server (thanks, Jan!) before it ever reaches me, but still it
> | consumes a lot of bandwidth at 100k a message.
>
> Good lord! What exactly is it? Is it an attachment of some script form or object code? I did a search and didn't find much on it.

It comes as a 100k attachment that tries to trick you into running it.


September 08, 2003
gf wrote:
> Probably is the nature of the virus. I believe I read at Symantec that the virus aggressively gathers information on the infected computer and sends emails impersonating the emails it finds.

True.

http://www.viruslist.com/eng/viruslist.html?id=65735
http://www.viruslist.com/eng/viruslist.html?id=61094
http://www.viruslist.com/eng/viruslist.html?id=61094
http://www.viruslist.com/eng/viruslist.html?id=60634
http://www.viruslist.com/eng/viruslist.html?id=58906

- eye

September 22, 2003
In the c++.announce newsgroup Greg Peet wrote:


> What exactly is it?

In a nutshell, it's a mass mailing worm, with its own SMTP engine, and spoofs email addresses. There are several variants. Below are links to the Symantec Security Response technical write-ups on some of the variants:

> http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.a@mm.html
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.b@mm.html
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.c@mm.html
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html


When a file is detected as infected with <VIRUS NAME>.enc, it indicates that it is a MIME-encoded file that contains that virus.




-- 

Regards,

Steve Topilnycky
Top Cat Computing
Web:  http://www.topcatcomputing.com/
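
Added example, not part of any post in this thread: a recipient-side check in the spirit of "look at the message source", relevant because a worm with its own SMTP engine delivers straight from the infected machine while the From header names someone else. The sample message, the hosts, the `Received` layout and the function names are all constructed assumptions; a mismatch is a hint, not proof, since legitimate mail is often relayed through an ISP.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and IP is made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby store.recipient.example with ESMTP; Tue, 26 Aug 2003 09:15:02 -0700
Received: from dialup-77.isp.example (dialup-77.isp.example [198.51.100.77])
\tby mx.recipient.example with SMTP; Tue, 26 Aug 2003 09:15:01 -0700
From: someone@sender.example
To: reader@recipient.example
Subject: sample

body
"""

# "from <HELO name> (<reverse-DNS name> [<IP>])", one common Received layout.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def entry_hop(msg, our_domain):
    """Return (helo, rdns, ip) for the hop where the mail entered our servers.

    Each relay prepends its Received line, so the newest is on top. Lines
    below the entry hop were supplied by the sender and cannot be trusted.
    """
    for line in msg.get_all("Received", []):
        m = HOP.search(line)
        if m and not in_domain(m.group(2), our_domain):
            return m.groups()
    return None

def check_origin(raw, our_domain):
    """Compare the From domain with the host that handed us the message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = entry_hop(msg, our_domain)
    if hop is None:
        return {"from_domain": from_domain, "origin": None, "consistent": None}
    _, rdns, ip = hop
    return {"from_domain": from_domain, "origin": (rdns, ip),
            "consistent": in_domain(rdns, from_domain)}

if __name__ == "__main__":
    print(check_origin(SAMPLE, "recipient.example"))
```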