New Virus - WARNING

[Mark Ardito]

Another Trojan-Horse is hitting a TON of people.

It is called "SoBig" or W32.Sobig.F@mm

The subject of the email will be:

Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details

The attachment will be:

your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

DO NOT OPEN THIS.

Please read here for more details.

Thanks!
Mark


------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com

[CrowBear Schmitt]

i've gotten 7 sobigs today and it's not midnight yet
thanx to Norton/Symantec they have been neutralized
how many of you have gotten any today ?
i'd love to get my hands on the jokers that send these viruses

hang 'em high.....

------------------
Steel what?


<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by CrowBear Schmitt on 20 August 2003 at 10:23 AM.]</p></FONT>

[Mark Ardito]

I got 562 this morning! Yep, that is right...562!

Mark


------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com

[Jay Ganz]

I already changed my Forum email address to
an online webmail site so the emails aren't
put on my hard drive. My Norton detected
the above mentioned viruses with no problem,
but who wants to take a chance. It seems
every time this sorta thing happens, it's
through the Forum (unfortunately).

[b0b]

Actually, it's not "through the Forum". It's through people who have built large address books by corresponding with Forum members.

There has never been an instance of the Forum or a Forum moderator distributing a virus to Forum members. The Forum computer itself runs under Linux and is locked down very tight. Only one of my computers has an email client on it, and I only run that twice a month to archive mail when my web-based mailboxes get full. And I never run Microsoft Outlook Express, the #1 program used to distribute viruses.

In other words, it's nearly impossible for a virus to be distributed via the Forum computers.

------------------
<img align=left src="http://b0b.com/Officeb0b.gif" border="0"><small>               Bobby Lee</small>
-b0b-   <small> quasar@b0b.com </small>

 System Administrator

[CrowBear Schmitt]

i got 25 more
no forumites seem to be the origin of this stuff

[Jeff A. Smith]

I'm glad I finally got around to deleting my address book, and putting everything on a Word document and disc.

b0b, it's reassuring to have a bonafide "expert" in charge here.

[Jay Ganz]

I got rid of my address book also
awhile back. Now I wish any forumites
with a giant list of addresses would
do the same! At least it's good to
know the Forum itself is protected.

[b0b]

From the Sophos page about Sobig-F:

<SMALL>When it distributes itself via email it forges the sender's email address, making it difficult to know who is truly infected.</SMALL>

------------------
<img align=left src="http://b0b.com/Officeb0b.gif" border="0"><small>               Bobby Lee</small>
-b0b-   <small> quasar@b0b.com </small>

 System Administrator

[Ken Lang]

There needs to be some big time global penalties for the whiz kids and the serious disrupters. For the latter, 5 years hard time with no electricity, not even a light in their cell.

For the former, 5 years of strict banjo lessons followed by 5 years of accordian lessons. By that time, computer code will have passed them by and they'll either have to play "Lady of Spain" in 2/4 time somewhere in the South or Earl Scruggs songs in Italy.

[Al Marcus]

Hey b0b, what can we use in place of Outlook express and still keep our contacts up?...Thanks....al

------------------
My Website..... www.cmedic.net/~almarcus/

[Jeff Agnew]

<SMALL>what can we use in place of Outlook express and still keep our contacts up?</SMALL>

Any full-featured, dedicated mail client. Three excellent candidates are: Poco, The Bat, and Pegasus. The first two are commercial products, Pegasus is free. Poco and The Bat are well worth the minimal cost, however. Neither can be victimized by common address book or e-mail exploits like Lookout Express. Both disable HTML and Javascript in e-mail messages by default. They are highly configurable and can handle multiple accounts with ease.

Although some folks swear by the Netscape/Mozilla mail client, I've found it quite limited compared to a standalone e-mail program.

[Jimmy Lewis]

Eudora is another good mail client. They have a free verson of the program on their web site.

[Earnest Bovine]

Eudora and Pegasus seem very nice.
They let us import our address book from Netscape v4.7x.
But they seem to lack a feature which our household requires: "Add sender to address book" with a mouse click or 2. Correct me if I'm wrong.

[Ron Page]

I don't have but a few of y'all's e-dress in my Outlook Express address book. My first impression about the idea of getting rid of the address book was, "Yeah, and I'll go back to using the function keys instead of a mouse too."

However, on second thought, it might be a reasonable alternative to keep the addresses in a Word file on the desktop and not provide a potential re-transmission point for a virus. I'll take that under advisement.

On the other hand, I've become almost fanatical about applying the XP updates and Norton Live Updates. I also enable the XP Pro firewall. I don't want to succumb compeletely to the hackers, and that address book is mighty convenient.

Thanks for the heads-up on this one. I had a few in the Inbox last night at home; all scrubbed clean by Norton Anti-Virus.

------------------
HagFan

<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Ron Page on 22 August 2003 at 10:25 AM.]</p></FONT>

[Donny Hinson]

Could it be most people are too busy (lazy?) to actually write down someone's e-mail address, and then type it in every time they want to send something? This would all but <u>eliminate</i> this type of thing. Is it so much trouble? Do most of us regularly send e-mails to hundreds of people each day, so that we could actually say we <u>need</u> this feature? Maybe b0b. But everyone else? Somehow, I doubt it.

Yeah, I know, it's really convenient to use the popular (Microsoft or AOL) e-mail clients with their "address book" feature. But if you continue to "leave the front door open", the hackers will keep "walkin' in".

[Jeff A. Smith]

Well, I've received a couple of delivery failure notifications that the virus has forged my e-mail address and tried to infect a couple of e-mail addresses I've never heard of.

Did a full scan with Norton which checked out okay. So far I haven't received any notice that it's tried to hit me personally. I don't know if the fact that my address has been forged means it actually has contacted me in some way.

Something that seemed goofy to me: One of the notifications (which is long and official-looking) had an accompaying attachment which was supposed to have more information. Needless to say, I felt I had enough knowledge already.<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Jeff A. Smith on 22 August 2003 at 09:38 PM.]</p></FONT>

[b0b]

I use register.com's email service. No mail client is necessary, and I can read my mail on any computer that's connected to the internet, through any browser. It costs $30/year, but you have to have a domain registered with them for it to work.

------------------
<img align=left src="http://b0b.com/Officeb0b.gif" border="0"><small>               Bobby Lee</small>
-b0b-   <small> quasar@b0b.com </small>

 System Administrator

[Mark Ardito]

Jeff A. Smith,

That delivery failure means just what you said it does. Your address was "spoofed" and it sent an email to a bad address. It was returned to you because your address was the sender (not really). You are not infected. Keep updating your Virus Scan definitions and your Windows Updates.

Mark

[Jeff A. Smith]

Thanks Mark. I've been reading your tips on viruses, and see your willingness to help others. I appreciate it.

[Mark Ardito]

Jeff,

I appreciate the kind words! This is the way I look at it...I learn SO much from this forum about the PSG and playing and technique and I can go on and on! So I think that whatever I can give back to the forum is just the right thing to do.

Thanks!
Mark


------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com

[forrest klott]

I've been getting a TON of these since thursday, including some from some Forum members...in this instance, would it be permissable to put a small post in all of the other topics of this Forum directing people to this posting so they know (if not already) what to do and not to do as far as this virus goes?? I thought about it, but wasn't sure if that was permissable.

Skeeter Klott

[b0b]

I'm getting a lot of them too. Keep in mind that the "From" field is a lie. I wouldn't want to spread panic by putting it in all of the Forum sections.

I did put a notice about it in Feedback and Testing. I think that two notices is enough.

------------------
<img align=left src="http://b0b.com/Officeb0b.gif" border="0"><small>               Bobby Lee</small>
-b0b-   <small> quasar@b0b.com </small>

 System Administrator

[Jim Smith]

One other thing to watch out for. I haven't received this virus myself (yet), but have received a returned message with it attached. Apparently it spoofed my "from" address, so it was returned to me when the recipient didn't exist. Norton did it's job of catching it, as usual.

[Marco den Hertog]

its a nasty little sucker, cause on the machine infected it reproduces itself by sending itsself to every name in the addressbook from every name in the adressbook
meaning if you got a 100 names addressbook
it wil send 100 x 100 emails to spread around !!

if the next that recieves such a mail clicks the darn attach. and his addressbook has a 100 well you can figure it out i guess

after a week of no more sobigs today it started to come in here again.
as it is set to selfdestruct on 10th of sept. i guess we`ll be havin this problem for a few more days !!

BTW: my vote goes to Pegasus mail (http://www.pmail.com), been using it for more than 4 years now and i must say less problems with virusses attacking my address book..
<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Marco den Hertog on 03 September 2003 at 04:23 AM.]</p></FONT>