SobigF worm
#1
Original Poster
Joined: Jan 2003
Posts: 8,159
Likes: 0
SobigF worm
I just want to be the first to thank all you kind people who have sent me this worm in the last three days - I've just had a 20 minute download of over 100 messages, almost all of which are worms.
OTOH I would like to apologise to anyone I've inadvertently sent it to. Since my virus software says I don't have it I don't understand how I managed it but I'm getting enough returned messages to know that I have. I'm genuinely sorry, and will try not to let it happen again.
#3
Joined: Jun 2003
Posts: 1,407
Likes: 0
More info on the SobigF worm:
http://www.msnbc.com/news/955498.asp
http://edition.cnn.com/2003/TECH/int...eut/index.html
#4
Joined: Jan 2003
Posts: 34,738
Likes: 0
sheila,
Someone in my daughter's office had it in her computer and it attached itself to the address book. My daughter ended up getting screamed at by many people for sending them the virus... when she never had it but it came with her email address. Confused emoticon here please~
I got nothing from you though ~ but a hello would be nice
#5
Joined: Jan 2003
Posts: 320
Likes: 0
You may be getting replies back saying you have the virus, when in actuality it is just part of the original virus, & if your anti-virus is working, you do not have the virus. It is the virus sending those messages back to you to try & get you to open the email to give you the virus. The virus can & does use forged addresses. When the addresses are forged (or made up) you cannot really tell where they are coming from. The only thing that is being used out of an infected system is the send to addresses out of the infected email contacts.
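One way to check a returned message against the forged-address behaviour described in the post above (an added example, not part of the original thread): read the headers of the bounced mail that the report carries and compare the IP that handed it over with the IPs you actually send from. The sample bounce, the function names and all hosts and addresses are constructed for illustration, and `my_ips` is assumed to hold your own public sending IPs.

```python
import email
import re
from email import policy

# Constructed sample bounce; every host, address and IP below is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undeliverable mail
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; someone@example.net
Status: 5.7.1

--b1
Content-Type: text/rfc822-headers

Received: from pc-home (unknown [203.0.113.77])
 by mx.example.net with SMTP; Thu, 21 Aug 2003 10:02:11 +0000
From: you@example.org
Subject: Re: your message

--b1--
"""

IP_IN_RECEIVED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_headers(bounce):
    """Headers of the message that bounced, or None if the report omits them."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def classify_bounce(raw, my_ips):
    """Use the topmost Received line, which the bouncing server itself wrote."""
    original = returned_headers(email.message_from_string(raw, policy=policy.default))
    received = original.get_all("Received", []) if original is not None else []
    match = IP_IN_RECEIVED.search(str(received[0])) if received else None
    if match is None:
        return ("unknown", None)
    ip = match.group(1)
    return ("from-my-network" if ip in my_ips else "not-from-my-network", ip)
```

The From line in the returned headers is the part a worm can forge; the connecting IP recorded by the receiving server is not, which is why the comparison uses it.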
#6
Original Poster
Joined: Jan 2003
Posts: 8,159
Likes: 0
In fact I think that last input is right. I've spent some work on it in the last couple of hours, spurred on by the fact that none of the undelivered messages seemed to have been to anyone in my address book. Incidentally I use an Offline so it would have been hard for it to penetrate the registry.
To cut a long story short, since every virus scan I've run says it's not there, I've come to the conclusion that these undelivered messages are simply part of the worm's behaviour and not evidence I've been sending it out at all...
But I will be glad to see the back of this one.
#11
Joined: Jan 2003
Posts: 7,130
Likes: 0
Now that I think about it, this has been happening at my computer at work.
I keep getting messages that say "undeliverable," "rejected by recipient," or whatever. I have noticed that the email addresses are none that I've sent to. Our tech guy said that it is part of what the worm does, as you said. It basically uses your address from other people's address book to send on to other computers. You probably don't have it at all, Sheila.
At least let's hope not.
#13
Joined: Jan 2003
Posts: 1,433
Likes: 0
I know nothing about computers. But with WebTv (it's not a computer) it's impossible for me to receive a virus or to send one.
Except if it actually got into the WebTv company computer in California. Which has never happened yet.
But this virus did cull/spambot my e-mail address from somewhere (I post on UseNet and 3 guidebook travel forums) and sent itself out using my e-mail address.
I've only received ~7 undeliverable e-mails due to the receiver's anti-virus program rejecting them. And none of them was anyone I have ever been in contact with. Regards, Walter
www.msnbc.com/news/954470.asp
#14
Joined: Jan 2003
Posts: 401
Likes: 0
Just an FYI, [email protected] - Sally, also has this virus. Got an email from her with an attachment. To my recollection, I haven't communicated with her by email in at least 18 months. Luckily, my software virus program acknowledged the virus and deleted the attachment before it was downloaded.
#15
Joined: Jan 2003
Posts: 6,793
Likes: 0
I stayed home today and spent a good part of the day planning my vacation. (I posted here quite a bit this morning.) But I spoke to two people from my office this evening and learned that the computer system of our entire state government agency crashed today because of a virus.
#16
Joined: Jan 2003
Posts: 5,112
Likes: 0
I'm having the same experience as Gretchen -- several returned "contaminated" emails that were undeliverable. And which, of course, I did NOT send.
The odd thing is that this is all happening only on my hotmail account -- the one I use on fodors and other "public" places (online order confirmations, airline and hotel correspondence, etc). I suspect my address has been grabbed by an infected fodorite.
#18
Joined: Jan 2003
Posts: 16,067
Likes: 0
Hi Sheila,
Sorry you got hit with one of these things. I can sympathize but at least I get paid to deal with this stuff. I hope you don't mind if I throw out some general stuff I thought might be useful to people posting here.
With email worms, the key is to not open them. Unfortunately, that isn't as easy as it sounds.
If you use the very common Microsoft Outlook Express, which comes with most home Windows-based computers, OR if you use MS Outlook, Standard Ed., which comes with the MS Office Suite (Word, Excel, PowerPoint, etc.) - you can still activate the worm (virus).
The way email worms work is by the inclusion of an attachment - either an executable (obvious sign of a bad hack) or as an embedded macro that works upon opening the email. But, the two Microsoft products have the capability of a "Preview Pane" where you can see the contents of an email in a separate pane without actually opening the mail item.
Turn this OFF! Seriously, this is a nice feature but a major problem area. First, as soon as you click on the email, even just to delete it without opening it, the contents show in the preview pane and you're toast if a virus is along for the ride. Don't count on Norton Anti-Virus or McAfee to catch everything. I just spent the better part of this week wrestling with another virus that spread over hundreds of servers and thousands of PCs. NAV and McAfee didn't have the new virus definitions out until later that day. So, you have to be careful on your own too. Once one of these worms is on your PC, they may run amok or they may just sit quietly and you'd never know. One guy was using thousands of other people's computers, in tandem, to attack corporation servers like IBM with denial of service attacks and the owners of the PCs never even knew.
Secondly, have you ever gotten one of those fancy spam emails that look like a web page? Full of pictures? If so, the spammer just logged the fact that you actually looked at the email, even if it were just in the preview pane. Ah-ha! Live email address. Send many many more. Sell live address to other spam lists. When you see that picture, it's actually living on a server somewhere else. When you run a web site/web server, every file someone accesses over the internet from your machine is logged with their IP number. Even Fodors.com has this capability pretty much by default.
Anyway, it behooves you for your sake and your friends' sake to try to head these things off when you can.
- Delete suspicious looking emails, people you don't know, etc.
- Really look out for anything with an attachment, even from family.
- FYI - [email protected] will never send you an email. This is the latest worm going around.
- Update your virus software regularly. It's only getting worse.
- Look in your c:\windows\system32\wins\ directory. If there are two .EXE files there, you have the [email protected] virus. Trust me on this.
- and TURN OFF THE PREVIEW PANE. Here's how, in Outlook Express.
View -> Layout and then turn off the preview pane. Uncheck "Show Preview Pane". Click OK and you've got it.