New Virus - WARNING

The machines we love to hate

Moderator: Wiz Feinberg

Mark Ardito
Posts: 899
Joined: 9 Aug 1999 12:01 am
Location: Chicago, IL, USA

New Virus - WARNING

Post by Mark Ardito »

Another Trojan-Horse is hitting a TON of people.

It is called "SoBig" or W32.Sobig.F@mm

The subject of the email will be:

Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details

The attachment will be:

your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

DO NOT OPEN THIS.

Please read here for more details.

Thanks!
Mark


------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com
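
A mail-filter check built from the subject and attachment lists in the post above, as an added example that is not part of the original thread. The function names, sample message and addresses are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the warning post above (W32.Sobig.F@mm).
SOBIG_SUBJECTS = {
    "re: details", "re: approved", "re: re: my details", "re: thank you!",
    "re: that movie", "re: wicked screensaver", "re: your application",
    "thank you!", "your details",
}
SOBIG_ATTACHMENTS = {
    "your_document.pif", "document_all.pif", "thank_you.pif",
    "your_details.pif", "details.pif", "document_9446.pif",
    "application.pif", "wicked_scr.scr", "movie0045.pif",
}
RISKY_EXTENSIONS = (".pif", ".scr")  # both run as programs on Windows


def check_message(raw_bytes):
    """Return the reasons a message matches the warning (empty list if none)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # The From header is ignored on purpose: the worm forges it.
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in SOBIG_SUBJECTS:
        reasons.append("subject matches list")
    for part in msg.walk():  # visits every MIME part, nested ones included
        name = (part.get_filename() or "").strip().lower()
        if name in SOBIG_ATTACHMENTS:
            reasons.append("attachment name matches list: " + name)
        elif name.endswith(RISKY_EXTENSIONS):
            reasons.append("executable attachment type: " + name)
    return reasons


def build_sample(subject, filename):
    """Constructed test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "someone@example.com"  # constructed address
    m["To"] = "user@example.org"       # constructed address
    m["Subject"] = subject
    m.set_content("See the attached file.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(check_message(build_sample("Re: Details", "details.pif")))
    print(check_message(build_sample("Tab for Sunday", "tab.txt")))
```
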

CrowBear Schmitt
Posts: 11624
Joined: 8 Apr 2000 12:01 am
Location: Ariege, - PairO'knees, - France

Post by CrowBear Schmitt »

i've gotten 7 sobigs today and it's not midnight yet
thanx to Norton/Symantec they have been neutralized
how many of you have gotten any today ?
i'd love to get my hands on the jokers that send these viruses
hang 'em high.....

------------------
Steel what?


[This message was edited by CrowBear Schmitt on 20 August 2003 at 10:23 AM.]
Mark Ardito
Posts: 899
Joined: 9 Aug 1999 12:01 am
Location: Chicago, IL, USA

Post by Mark Ardito »

I got 562 this morning! Yep, that is right...562!

Mark


------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com

Jay Ganz
Posts: 2566
Joined: 4 Aug 1998 11:00 pm
Location: Out Behind The Barn

Post by Jay Ganz »

I already changed my Forum email address to
an online webmail site so the emails aren't
put on my hard drive. My Norton detected
the above mentioned viruses with no problem,
but who wants to take a chance. It seems
every time this sorta thing happens, it's
through the Forum (unfortunately).
b0b
Posts: 29108
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, CA, USA

Post by b0b »

Actually, it's not "through the Forum". It's through people who have built large address books by corresponding with Forum members.

There has never been an instance of the Forum or a Forum moderator distributing a virus to Forum members. The Forum computer itself runs under Linux and is locked down very tight. Only one of my computers has an email client on it, and I only run that twice a month to archive mail when my web-based mailboxes get full. And I never run Microsoft Outlook Express, the #1 program used to distribute viruses.

In other words, it's nearly impossible for a virus to be distributed via the Forum computers.

------------------
Bobby Lee
-b0b- quasar@b0b.com

 System Administrator
CrowBear Schmitt
Posts: 11624
Joined: 8 Apr 2000 12:01 am
Location: Ariege, - PairO'knees, - France

Post by CrowBear Schmitt »

i got 25 more
no forumites seem to be the origin of this stuff
Jeff A. Smith
Posts: 807
Joined: 14 Feb 2001 1:01 am
Location: Angola,Ind. U.S.A.

Post by Jeff A. Smith »

I'm glad I finally got around to deleting my address book, and putting everything on a Word document and disc.

b0b, it's reassuring to have a bona fide "expert" in charge here.
Jay Ganz
Posts: 2566
Joined: 4 Aug 1998 11:00 pm
Location: Out Behind The Barn

Post by Jay Ganz »

I got rid of my address book also
awhile back. Now I wish any forumites
with a giant list of addresses would
do the same! At least it's good to
know the Forum itself is protected.
b0b
Posts: 29108
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, CA, USA

Post by b0b »

From the Sophos page about Sobig-F:
"When it distributes itself via email it forges the sender's email address, making it difficult to know who is truly infected."
------------------
Bobby Lee
-b0b- quasar@b0b.com

 System Administrator
Ken Lang
Posts: 4708
Joined: 8 Jul 1999 12:01 am
Location: Simi Valley, Ca

Post by Ken Lang »

There needs to be some big time global penalties for the whiz kids and the serious disrupters. For the latter, 5 years hard time with no electricity, not even a light in their cell.

For the former, 5 years of strict banjo lessons followed by 5 years of accordion lessons. By that time, computer code will have passed them by and they'll either have to play "Lady of Spain" in 2/4 time somewhere in the South or Earl Scruggs songs in Italy.
Al Marcus
Posts: 9440
Joined: 12 May 1999 12:01 am
Location: Cedar Springs,MI USA (deceased)

Post by Al Marcus »

Hey b0b, what can we use in place of Outlook express and still keep our contacts up?...Thanks....al

------------------
My Website..... www.cmedic.net/~almarcus/


Jeff Agnew
Posts: 741
Joined: 18 Sep 1998 12:01 am
Location: Dallas, TX

Post by Jeff Agnew »

"what can we use in place of Outlook express and still keep our contacts up?"
Any full-featured, dedicated mail client. Three excellent candidates are: Poco, The Bat, and Pegasus. The first two are commercial products, Pegasus is free. Poco and The Bat are well worth the minimal cost, however. Neither can be victimized by common address book or e-mail exploits like Lookout Express. Both disable HTML and Javascript in e-mail messages by default. They are highly configurable and can handle multiple accounts with ease.

Although some folks swear by the Netscape/Mozilla mail client, I've found it quite limited compared to a standalone e-mail program.
Jimmy Lewis
Posts: 294
Joined: 8 May 2002 12:01 am
Location: Harrisonburg, Louisiana, USA

Post by Jimmy Lewis »

Eudora is another good mail client. They have a free version of the program on their web site.
Earnest Bovine
Posts: 8318
Joined: 4 Aug 1998 11:00 pm
Location: Los Angeles CA USA

Post by Earnest Bovine »

Eudora and Pegasus seem very nice.
They let us import our address book from Netscape v4.7x.
But they seem to lack a feature which our household requires: "Add sender to address book" with a mouse click or 2. Correct me if I'm wrong.
Ron Page
Posts: 5724
Joined: 4 Aug 1998 11:00 pm
Location: Penn Yan, NY USA

Post by Ron Page »

I don't have but a few of y'all's e-dress in my Outlook Express address book. My first impression about the idea of getting rid of the address book was, "Yeah, and I'll go back to using the function keys instead of a mouse too."

However, on second thought, it might be a reasonable alternative to keep the addresses in a Word file on the desktop and not provide a potential re-transmission point for a virus. I'll take that under advisement.

On the other hand, I've become almost fanatical about applying the XP updates and Norton Live Updates. I also enable the XP Pro firewall. I don't want to succumb completely to the hackers, and that address book is mighty convenient.

Thanks for the heads-up on this one. I had a few in the Inbox last night at home; all scrubbed clean by Norton Anti-Virus.

------------------
HagFan

[This message was edited by Ron Page on 22 August 2003 at 10:25 AM.]
Donny Hinson
Posts: 21192
Joined: 16 Feb 1999 1:01 am
Location: Glen Burnie, Md. U.S.A.

Post by Donny Hinson »

Could it be most people are too busy (lazy?) to actually write down someone's e-mail address, and then type it in every time they want to send something? This would all but eliminate this type of thing. Is it so much trouble? Do most of us regularly send e-mails to hundreds of people each day, so that we could actually say we need this feature? Maybe b0b. But everyone else? Somehow, I doubt it.

Yeah, I know, it's really convenient to use the popular (Microsoft or AOL) e-mail clients with their "address book" feature. But if you continue to "leave the front door open", the hackers will keep "walkin' in".
Jeff A. Smith
Posts: 807
Joined: 14 Feb 2001 1:01 am
Location: Angola,Ind. U.S.A.

Post by Jeff A. Smith »

Well, I've received a couple of delivery failure notifications that the virus has forged my e-mail address and tried to infect a couple of e-mail addresses I've never heard of.

Did a full scan with Norton which checked out okay. So far I haven't received any notice that it's tried to hit me personally. I don't know if the fact that my address has been forged means it actually has contacted me in some way.

Something that seemed goofy to me: One of the notifications (which is long and official-looking) had an accompanying attachment which was supposed to have more information. Needless to say, I felt I had enough knowledge already.

[This message was edited by Jeff A. Smith on 22 August 2003 at 09:38 PM.]
b0b
Posts: 29108
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, CA, USA

Post by b0b »

I use register.com's email service. No mail client is necessary, and I can read my mail on any computer that's connected to the internet, through any browser. It costs $30/year, but you have to have a domain registered with them for it to work.

------------------
Bobby Lee
-b0b- quasar@b0b.com

 System Administrator
Mark Ardito
Posts: 899
Joined: 9 Aug 1999 12:01 am
Location: Chicago, IL, USA

Post by Mark Ardito »

Jeff A. Smith,

That delivery failure means just what you said it does. Your address was "spoofed" and it sent an email to a bad address. It was returned to you because your address was the sender (not really). You are not infected. Keep updating your Virus Scan definitions and your Windows Updates.

Mark
Jeff A. Smith
Posts: 807
Joined: 14 Feb 2001 1:01 am
Location: Angola,Ind. U.S.A.

Post by Jeff A. Smith »

Thanks Mark. I've been reading your tips on viruses, and see your willingness to help others. I appreciate it.
Mark Ardito
Posts: 899
Joined: 9 Aug 1999 12:01 am
Location: Chicago, IL, USA

Post by Mark Ardito »

Jeff,

I appreciate the kind words! This is the way I look at it...I learn SO much from this forum about the PSG and playing and technique and I can go on and on! So I think that whatever I can give back to the forum is just the right thing to do.

Thanks!
Mark


------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com

forrest klott
Posts: 1034
Joined: 18 Dec 2000 1:01 am
Location: Grand Rapids Mi USA

Post by forrest klott »

I've been getting a TON of these since Thursday, including some from some Forum members...in this instance, would it be permissible to put a small post in all of the other topics of this Forum directing people to this posting so they know (if not already) what to do and not to do as far as this virus goes?? I thought about it, but wasn't sure if that was permissible.

Skeeter Klott
b0b
Posts: 29108
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, CA, USA

Post by b0b »

I'm getting a lot of them too. Keep in mind that the "From" field is a lie. I wouldn't want to spread panic by putting it in all of the Forum sections.

I did put a notice about it in Feedback and Testing. I think that two notices is enough.

------------------
Bobby Lee
-b0b- quasar@b0b.com

 System Administrator
Jim Smith
Posts: 7946
Joined: 4 Aug 1998 11:00 pm
Location: Midlothian, TX, USA

Post by Jim Smith »

One other thing to watch out for. I haven't received this virus myself (yet), but have received a returned message with it attached. Apparently it spoofed my "from" address, so it was returned to me when the recipient didn't exist. Norton did its job of catching it, as usual.
Marco den Hertog
Posts: 44
Joined: 26 Nov 1999 1:01 am
Location: Amersfoort, The Netherlands

Post by Marco den Hertog »

it's a nasty little sucker, cause on the machine infected it reproduces itself by sending itself to every name in the addressbook from every name in the addressbook
meaning if you got a 100 names addressbook
it will send 100 x 100 emails to spread around !!

if the next that receives such a mail clicks the darn attach. and his addressbook has a 100 well you can figure it out i guess

after a week of no more sobigs today it started to come in here again.
as it is set to selfdestruct on 10th of sept. i guess we`ll be havin this problem for a few more days !!

BTW: my vote goes to Pegasus mail (http://www.pmail.com), been using it for more than 4 years now and i must say less problems with viruses attacking my address book..
[This message was edited by Marco den Hertog on 03 September 2003 at 04:23 AM.]