
c++.announce - sobig virus

reply "Walter" <walter digitalmars.com> writes:
A lot of people are getting the sobig virus with a forged return address
saying it is from me. Hence, I am getting a lot of emails from people upset
about receiving the virus from me. The virus is not coming from me, there is
nothing I can do about forged return addresses.
Aug 25 2003
next sibling parent John Reimer <jjreimer telus.net> writes:
Walter wrote:
 A lot of people are getting the sobig virus with a forged return address
 saying it is from me. Hence, I am getting a lot of emails from people upset
 about receiving the virus from me. The virus is not coming from me, there is
 nothing I can do about forged return addresses.
 
 

Ouch! I feel your pain. All these people have to do, I think, is look at the message source to see that the return address is forged.

Later,
John
Aug 25 2003
prev sibling parent reply "Greg Peet" <admin REMOVEMEgregpeet.com> writes:
So then is there some ass on this newsgroup server that is listing email
addy's and then sending it? Or are the attacks aimed at people outside this
small collection of Martians?

I bet I'm next on the list for calling him/her an "ass" LOL.

"Walter" <walter digitalmars.com> wrote in message
news:bie4cu$2e08$3 digitaldaemon.com...
| A lot of people are getting the sobig virus with a forged return address
| saying it is from me. Hence, I am getting a lot of emails from people upset
| about receiving the virus from me. The virus is not coming from me, there is
| nothing I can do about forged return addresses.
|
|
Aug 26 2003
next sibling parent reply "Walter" <walter digitalmars.com> writes:
"Greg Peet" <admin REMOVEMEgregpeet.com> wrote in message
news:bif5c9$vci$1 digitaldaemon.com...
 So then is there some ass on this newsgroup server that is listing email
 addy's and then sending it? Or are the attacks aimed at people outside this
 small collection of Martians?

My email address must be well known, because I am sent the sobig worm several hundred times a day. It gets rejected by the ever-vigilant Digital Mars mail server (thanks, Jan!) before it ever reaches me, but still it consumes a lot of bandwidth at 100k a message.
Aug 26 2003
parent reply "Greg Peet" <admin REMOVEMEgregpeet.com> writes:
"Walter" <walter digitalmars.com> wrote in message
news:bif661$10gs$1 digitaldaemon.com...
| My email address must be well known, because I am sent the sobig worm
| several hundred times a day. It gets rejected by the ever-vigilant Digital
| Mars mail server (thanks, Jan!) before it ever reaches me, but still it
| consumes a lot of bandwidth at 100k a message.

Good lord! What exactly is it? Is it an attachment of some script form or
object code? I did a search and didn't find much on it.

Just recently some idiot has been posting messages to newsgroups
(comp.lang.c and comp.lang.c++) w/ an attachment of some type of amateur
virus I assume (the files are .src exes).. I did a simple message trace and
found the poster originating from the University of Wisconsin.

Are all your attacks coming from free-mailer facilities?
Aug 26 2003
next sibling parent "Greg Peet" <admin REMOVEMEgregpeet.com> writes:
Meant ".scr" for screensaver, not ".src"...

"Greg Peet" <admin REMOVEMEgregpeet.com> wrote in message
news:bifc3v$19jk$1 digitaldaemon.com...
| "Walter" <walter digitalmars.com> wrote in message
| news:bif661$10gs$1 digitaldaemon.com...
| | My email address must be well known, because I am sent the sobig worm
| | several hundred times a day. It gets rejected by the ever-vigilant Digital
| | Mars mail server (thanks, Jan!) before it ever reaches me, but still it
| | consumes a lot of bandwidth at 100k a message.
|
| Good lord! What exactly is it? Is it an attachment of some script form or
| object code? I did a search and didn't find much on it.
|
| Just recently some idiot has been posting messages to newsgroups
| (comp.lang.c and comp.lang.c++) w/ an attachment of some type of amateur
| virus I assume (the files are .src exes).. I did a simple message trace and
| found the poster originating from the University of Wisconsin.
|
| Are all your attacks coming from free-mailer facilities?
|
|
Aug 26 2003
prev sibling next sibling parent "Walter" <walter digitalmars.com> writes:
"Greg Peet" <admin REMOVEMEgregpeet.com> wrote in message
news:bifc3v$19jk$1 digitaldaemon.com...
 "Walter" <walter digitalmars.com> wrote in message
 news:bif661$10gs$1 digitaldaemon.com...
 | My email address must be well known, because I am sent the sobig worm
 | several hundred times a day. It gets rejected by the ever-vigilant Digital
 | Mars mail server (thanks, Jan!) before it ever reaches me, but still it
 | consumes a lot of bandwidth at 100k a message.

 Good lord! What exactly is it? Is it an attachment of some script form or
 object code? I did a search and didn't find much on it.

It comes as a 100k attachment that tries to trick you into running it.
Aug 26 2003
prev sibling parent Steve Topilnycky <no.spam.steve topcatcomputing.com> writes:
In the c++.announce newsgroup Greg Peet wrote: 

 
 What exactly is it?

In a nutshell, it's a mass mailing worm, with its own SMTP engine, and spoofs email addresses. There are several variants. Below are links to the Symantec Security Response technical write-ups on some of the variants:
 http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.a mm.html
 http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.b mm.html
 http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.c mm.html
 http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e mm.html
 http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f mm.html

When a file is detected as infected with <VIRUS NAME>.enc, it indicates that it is a MIME-encoded file that contains that virus.

--
Regards,
Steve Topilnycky
Top Cat Computing
Web: http://www.topcatcomputing.com/
Sep 22 2003
prev sibling parent reply gf <mz_y2k yahoo...com> writes:
"Greg Peet" <admin REMOVEMEgregpeet.com> wrote in
news:bif5c9$vci$1 digitaldaemon.com: 

 So then is there some ass on this newsgroup server that is listing
 email addy's and then sending it? Or are the attacks aimed at people
 outside this small collection of Martians?
 
 I bet I'm next on the list for calling him/her an "ass" LOL.

Probably is the nature of the virus. I believe I read at Symantec that the virus aggressively gathers information on the infected computer and sends emails impersonating the emails it finds. Maybe reading Symantec's dissection on the virus may bring light...

~/gnf.pt
Aug 26 2003
parent Ilya Minkov <minkov cs.tum.edu> writes:
gf wrote:
 Probably is the nature of the virus. I believe I read at Symantec that the
 virus aggressively gathers information on the infected computer and sends
 emails impersonating the emails it finds.

True.

http://www.viruslist.com/eng/viruslist.html?id=65735
http://www.viruslist.com/eng/viruslist.html?id=61094
http://www.viruslist.com/eng/viruslist.html?id=61094
http://www.viruslist.com/eng/viruslist.html?id=60634
http://www.viruslist.com/eng/viruslist.html?id=58906

- eye
Sep 08 2003