W32.Sobig.F@mm virus.

Frequent_Flyer

Ok so the W32.Sobig.F@mm virus is out there but I have never in my life
received so many emails with a virus in them. I have received 10 so far
today most from hotmail, attbi, and dgsnet.dk. I don't even bother trying
to trace origins anymore.

Is that virus more widespread than some of the other recent ones or am I
just unlucky enough to be on the spammer email address? I have probably
received 2 attachments with a virus in the past 2 years before receiving 10
today.

FF
 
David W.E. Roberts

Frequent_Flyer said:
> Ok so the W32.Sobig.F@mm virus is out there but I have never in my life
> received so many emails with a virus in them. I have received 10 so far
> today most from hotmail, attbi, and dgsnet.dk. I don't even bother trying
> to trace origins anymore.
>
> Is that virus more widespread than some of the other recent ones or am I
> just unlucky enough to be on the spammer email address? I have probably
> received 2 attachments with a virus in the past 2 years before receiving 10
> today.

Do you receive a lot of SPAM?
I am being pestered on one account which is also a favourite of spammers.
This makes me think that this virus/worm is using a SPAM directory for
recipients instead of using the address book from the infected PC.
 
Frequent_Flyer

> Do you receive a lot of SPAM?
> I am being pestered on one account which is also a favourite of spammers.
> This makes me think that this virus/worm is using a SPAM directory for
> recipients instead of using the address book from the infected PC.

It's real hard to say because I run the McAfee Spam killer and I generally
don't even get spam unless it's from a regular appearing account with a
legitimate subject line. Of course this virus puts Thank You in the subject
line and such.

Now here is the really weird part. I have received several emails from
domains saying my message could not be delivered because it contained the
virus.

The only problem is that the email account in question only allows me to
receive email. I can't send from that account. It is an old earthlink
account which they still allow me to receive email but not send. It is an
email address which I use on places like ebay and other public places.

I have scanned my computer and double-checked the registry and I am certain
my machine is not infected. I am hoping that my email address is not one
that the worm has included to look like it is sent from.

FF
 
David W.E. Roberts

Frequent_Flyer said:
> Here is a link to what I am talking about. This is a picture of my outlook
> today.
>
> FF
>
> http://www.schapers.org/S2000/virusthreat.jpg
>
> And keep in mind my computer is clean and I can't even send email from the
> account in question. I can only receive email.

From what you say your Earthlink address has probably been harvested for
SPAM use.

Suggests that the originators and recipients are from SPAM lists.

Fortunately I haven't received any 'non-deliveries' yet.

I managed to identify the source of my messages by looking at the IP address
in the header.
I tracked it through RIPE and it turned out to be a London Borough Council.
I phoned them and they knew about the virus infection.
They claimed to have fixed it but I had another burst of activity after
18:00 BST and there was nobody left at the council to talk to :-(

However it seems to have stopped again :)

Cheers
Dave R
 
Frequent_Flyer

I haven't received any in a while but I suspect there will be a whole ton at
a time. It seems like there have been cycles during the day. I'm glad I
have like 10 email addresses. I am just going to not use the earthlink one
anymore!

FF
 
Glenn Mitchell

The fact that the message appears to be from you is one of the
characteristics of sobig. It is, in fact, from someone who has your
e-mail address in their address book, in a saved e-mail, or somewhere
else on your system where it can be "harvested" by the worm. The worm
then uses its own SMTP mail software to send out an e-mail to the
harvested addresses AND sometimes makes the mail look like it came
from one of the harvested addresses!

See http://www.updatexp.com/sobig-worm-f.html for more
information/details.

Regards.

Glenn Mitchell
 
Frequent_Flyer

Thanks Glenn. I had just found the following article that explained that:

http://www.wral.com/technology/2415659/detail.html

FF

PS: I believe the time is coming where the ISPs need to scan all incoming
emails before they hit the damn M$ platform. The bad thing is I like the M$
platform for Workstations but geez, how many security holes can it have. I
suppose an infinite amount.
 
Bart Bailey

> Ok so the W32.Sobig.F@mm virus is out there but I have never in my life
> received so many emails with a virus in them.

BTW: This is the first time Mailwasher has tagged the "possible virus"
label on any email, I was beginning to think it didn't work.
 
Bart Bailey

> Do you receive a lot of SPAM?
> I am being pestered on one account which is also a favourite of spammers.
> This makes me think that this virus/worm is using a SPAM directory for
> recipients instead of using the address book from the infected PC.

All my copies were sent to the addy in my header that I post with <g>
 
Bart Bailey

> I am hoping that my email address is not one
> that the worm has included to look like it is sent from.

Five of my copies were "from" an addy of a regular poster to this group,
wonder if he's infected?
 
MowerX

Frequent_Flyer said:
> Ok so the W32.Sobig.F@mm virus is out there but I have never in my life
> received so many emails with a virus in them. I have received 10 so far
> today most from hotmail, attbi, and dgsnet.dk. I don't even bother trying
> to trace origins anymore.
>
> Is that virus more widespread than some of the other recent ones or am I
> just unlucky enough to be on the spammer email address? I have probably
> received 2 attachments with a virus in the past 2 years before receiving 10
> today.

Ha, lightweight! I've received well over 2,000 of these today, and I am NOT
exaggerating. Fortunately many of them are filtered out at the server level,
but quite a few make it through (for some reason not all messages have valid
attachments and these pass) and I'm getting a ton of delivery failure
notices.

- MX
 
Frequent_Flyer

Yes well I am only speaking of my home computer. When it comes to my
profession, the philosophy has always been to run when someone mentions
anti-virus or backups. These are straight from the all-blame no credit
department :)

FF
 
kalalau

> The fact that the message appears to be from you is one of the
> characteristics of sobig. It is, in fact, from someone who has your
> e-mail address in their address book, in a saved e-mail, or somewhere
> else on your system where it can be "harvested" by the worm. The worm
> then uses its own SMTP mail software to send out an e-mail to the
> harvested addresses AND sometimes makes the mail look like it came
> from one of the harvested addresses!
>
> See http://www.updatexp.com/sobig-worm-f.html for more
> information/details.


I think I am the recipient of one of these viruses. I have gotten
dozens of messages over the last couple days that say that a message
(that I never sent) could not be delivered. I did three virus scans
and checked the registry and my computer is clean. But I don't
recognize any of the addresses that have been harvested. How do I stop
getting these messages sent to me? I am going away for a few weeks and
am worried that when I get back my mailbox will have exploded.

Thanx,

Rich
 
Frequent_Flyer

Rich,

I am in the same boat. I am leaving for vacation in a couple of hours.

I just went to ebay, paypal, etc. and changed my email address to another I
have. I am no longer going to use the email account that is getting spammed
to death with the sobig.

Can you change your email address?

Good luck,
FF
 
Gerhard Beulke

> Ok so the W32.Sobig.F@mm virus is out there but I have never in my life
> received so many emails with a virus in them. I have received 10 so far
> today most from hotmail, attbi, and dgsnet.dk. I don't even bother trying
> to trace origins anymore.
>
> Is that virus more widespread than some of the other recent ones or am I
> just unlucky enough to be on the spammer email address? I have probably
> received 2 attachments with a virus in the past 2 years before receiving 10
> today.
>
> FF

200+ so far here...
Cheers
 
Gabriele Neukam

>> I am hoping that my email address is not one
>> that the worm has included to look like it is sent from.
>
> Five of my copies were "from" an addy of a regular poster to this group,
> wonder if he's infected?

Probably not, or Symantec would have been hit, too.

----- Header -----
Return-Path: <[email protected]>
Received: from HPPAV ([162.40.243.147]) by mailin01.sul.t-online.de
with esmtp id 19pFqe-1TuBSS0; Wed, 20 Aug 2003 01:25:08 +0200
From: <[email protected]>
To: <[email protected]>
Subject: Re: Re: My details
Date: Tue, 19 Aug 2003 19:25:29 --0400
X-MailScanner: Found to be clean
Importance: Normal
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
X-Seen: false
X-Mailer: T-Online eMail 4.111
Content-Type: multipart/mixed;
boundary="_NextPart_000_01BD2B8E"
----- End of Header -----


Gabriele Neukam

(e-mail address removed)
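
Added example, not part of any post in this thread: the header tracing described above (reading the IP address out of the header instead of trusting the forged From line), run over the header quoted in the last post. The function name `first_trusted_hop` and its `trusted_suffix` parameter are assumptions of this example, and the redacted addresses are replaced with constructed example.com / example.net placeholders.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Header from the post above. The page redacts the addresses, so
# example.com / example.net placeholders are substituted (constructed).
SAMPLE = (
    "Return-Path: <sender@example.com>\n"
    "Received: from HPPAV ([162.40.243.147]) by mailin01.sul.t-online.de\n"
    "\twith esmtp id 19pFqe-1TuBSS0; Wed, 20 Aug 2003 01:25:08 +0200\n"
    "From: <sender@example.com>\n"
    "To: <recipient@example.net>\n"
    "Subject: Re: Re: My details\n"
    "X-Mailer: T-Online eMail 4.111\n"
    "\n"
)

# "from <HELO name> (... [<ip>]) by <receiving host>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(.*?\[(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)",
    re.S,
)

def first_trusted_hop(raw, trusted_suffix):
    """Return the connecting host recorded by our own mail server, or None."""
    msg = email.message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        # Received lines written by hosts we do not run may be forged: skip.
        if not m or not m["by"].lower().endswith(trusted_suffix):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        return {
            "ip": str(ip),                     # what to look up in whois
            "routable": ip.is_global,
            "helo": m["helo"],
            "helo_is_fqdn": "." in m["helo"],  # bare name: likely a desktop PC
            "by": m["by"],
            "claimed_from": parseaddr(msg["From"])[1],  # unverified
        }
    return None

if __name__ == "__main__":
    print(first_trusted_hop(SAMPLE, ".t-online.de"))
```

The returned IP is the value to look up in the regional registry's whois (RIPE in the earlier post); the From address says nothing about which machine sent the message.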
 
