Today I suddenly started getting e-mails from a buch of Letterheads..even including the mayor himself!!!
Unfortunately, I can't read any of em cuz Mr. Norton quaranteen's em all.. So far..51 infected e-mails in 5 hours and still counting.
Someone that has our e-mail addresses in their address book is stupid enough to not have anti-virus protection or is too cheap to pay for current automatic updates.
Bummer that the rest of us have to spend the time to wait for Norton to individually inspect each and every e-mail and then quaranteen them.
I know that this has been said before..but...I wanna vent too.
WHOEVER YOU ARE....SPEND A COUPLE OF BUX AND PROTECT YOURSELF AND SAVE ALL OF THE REST OF US A LOT OF TIME FIXING YOUR F**K UP!!!!!!!!!!!!!!
Posted by Curtis hammond (Member # 2170) on :
ITs not a matter of Stupid, or CHEAP or carelessness.
It's a matter of polymorphic virii comming out so fast that many cannot keep up with updates. Some are changing as they are activated making it very difficult for updates to keep current.
Some newer attacks are so fast they scan your computer for URL's AND email address and run the payload before someone can download the updates..
Also, the newer virii are using random email addresses from any one's list which is designed to make it almost impossible to trace them back to the original sender.
Firewall. router, anti virii, and setting outlook/outlook express NOT to preview emails are the only way to keep virii out.
No need to be peeved off. Virii are not personal attacks just becomming a nusance.
[ August 24, 2003, 10:01 PM: Message edited by: Curtis hammond ]
Posted by Steve Shortreed (Member # 436) on :
I understand your frustration Dave. Over the last couple days here in Quebec, people have been amazed to see the number of infected files we are getting.
If anyone is getting mail from our laptop, it's a mystery to me. Barb and I have been on the road since last Wednesday. During that time, we haven't been able to send out any email. Fact is...we have not had a mail server since our departure.
Even when we have a mail server, the laptop has the very latest version of Norton Pro installed, along with the newest ZoneAlarm Pro. All mail is scanned as it comes in, and again before anything is sent. We've used the Eudora mail program exclusively since we joined the Internet back in early 1995. What more can you do?
Posted by Dave Grundy (Member # 103) on :
Steve..I know that the e-mails are not from you or anyone else that the "sender" info shows. BUT I have to believe that, since each and every one was from familiar names, that someone that has our names in their address book does not use anti-virus protection.
In this day and age that is plain stupid.
Posted by Dave Utter (Member # 634) on :
that's one reason I don't even keep an address book. I keep all of our addresses in a notepad file. I type the persons name, leave a few spaces and then type the addy. The next person goes on a new line. I save it on the desktop, and dropped a shortcut to it into the quicklaunch bar. If you need to email someone, you just hit the shortcut, scroll down to who you want, and copy and paste the addy to the email. That way the viri, just don't have any toys to play with. Posted by Monte Jumper (Member # 1106) on :
What else? I can't believe you miss the obvious....We could have a letterville rendevous...syncronize our watches and at some magical minute everyone change their e-mail address...voila no more virus and very little e-mail... I like it!
Posted by Fred Weiss (Member # 3662) on :
This one, named SoBig.f, is in it fifth or sixth incarnation and has set new and previously unimaginable records for how much traffic it has generated.
As I understand it, individual address books are small potatoes for it and it gobbles up membership lists with ease. Then it randomly generates senders and recipients from its own virtual mail server.
I've received more than 100 emails today with it generated by this worm. About half were from addresses that, from their names, are sign industry related. None reached my computer since our ISP provides a spam and virus filter.
Caution should be taken if you are using such a filter though, that you don't mark an address down that you might ordinarily accept email from. If you do, then that address will be blocked from sending you email in the future. Put in plain terms, delete the infected email but don't mark it as an address to be blocked.
SoBig.f will become benign after September 10th. Of course, then we will have SoBig.g to look forward to.
Posted by Don Coplen (Member # 127) on :
I saw on the news that a university (can't recall which one) had to shut down their IP cause they were gettin 30,000 of those emails an hour. Doubt stupid, careless, etc had much to do with it.
Posted by Mike Pulskamp (Member # 3475) on :
I think it is a "spider" program It goes out on the net, to sites like this, and looks for anything with an @ in the middle and a .com, .net, .whatever at the end. Look at your signature. D'oup! spidy's got your address! But go ahead and buy the newest anti virus stuff. It can't do anything about places that we post our addresses but it can still save our pcs. Or...
So stop pointing fingers and buy a mac! Sorry I just couldn't help it. I get the e-mails too. I just don't worry so much about the virii. Very few will run on macs.
Posted by Michael Boone (Member # 308) on :
I just recieved an email from ya dave.... infected... Jeese... I never did nuttin to you!~
Posted by Richard Bustamante (Member # 370) on :
I started getting them too. The attached file is a *.pif format If you double click on it, you'll open it up.
I guess since I'm getting these e-mails, that I'm not the one spreading it around.
If I send you an e-mail with an attached file, let me know. Then again, it could be that virtual e-mail server the virus makes.
I'm usually real good at catching these things, but they seem to be getting more and more sophisticated.
I'm using a win98 system. I thought that this virus only attacks ME,NT,win2000, etc. That it infects from computer to computer via an open port Since win98 doesn't use this type of port, e-mail is used, and exploited during infestation.
Posted by old paint (Member # 549) on :
i just cleaned the SOBIG winppr32.exe off this machine....i didnt open any of those emails....and i got it.....norton caught it. but it had already took the names in the addy book....and sent emails of its own without me doing anything....this is a self replicating viri...not much you can do except catch it and delete it..and dave...nobody likes you that much......hahahahahahahahah just kiddin... and nobody hates you that much to just send crap to you..we all been gettin it...
Posted by Joey Madden (Member # 1192) on :
Dave Grundy, you should be ashamed of yourself!
Posted by david drane (Member # 507) on :
I get this message sometimes: Your current settings prohibit running activeX controls on this page. As a result the page may not display correctly. I have since turned off the preview thingy, now does that mean I can get no email at all. As a precaution to others I have emptied my address book. I have recieved heaps of infected ones from letterheads including Golden and terry whynott.
Posted by Diane Crowther (Member # 120) on :
DAVE, don't bother waiting for Norton to go through its quarantine thing. Set it up to just delete without advising you. It makes life a whole lot easier.
Posted by David Fisher (Member # 107) on :
Dave, I assume this is old news to you but for the benefit of anyone not familiar with this strain of virus...
"W32.Sobig.F@mm uses a technique known as "spoofing," by which the worm randomly selects an address it finds on an infected computer. The worm uses this address as the "From" address when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to another individual.
For example, Linda Anderson is using a computer infected with W32.Sobig.F@mm. Linda is neither using an antivirus program nor has the current virus definitions. When W32.Sobig.F@mm performs its email routine, it finds the email address of Harold Logan. The worm inserts Harold's email address into the "From" portion of an infected message, which it then sends to Janet Bishop. Then, Janet contacts Harold and complains that he sent her an infected message; however, when Harold scans his computer, Norton AntiVirus does not find anything, because his computer is not infected." Source http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html What this means is that the email address you may see in the sender line has virtually nothing to do with the originator of the infected email.
BTW cheap has nothing to do with the issue, there is a window of oportunity between when the virus is released and when the fix is available for update in which the virus can infect computers. I have 4 cutomers infected by the last 2 strains of virus who have paid up subscriptions to the almighty Symantec and update religiously, but who through no fault of their own have contracted one or more of the latest strains. If you want to avoid the pain, switch to another operating system, You'll still get the emails, you'll still have to hit the delete key, they just won't have any effect on your computer and you won't have to pay any yearly subscription fees. I can tell you for a fact though that as far as I can find, there is no linux driver for a CAMM1, damn shame. David
Posted by John Deaton III (Member # 925) on :
I got about ten of these buggers today in my web based email. One from my buddy Si, and others I didnt recognize. By the way, where the heck is Si? Aint seen him around in a few days.
Posted by Kathy Joiner (Member # 1814) on :
Just checked and I got 96 infected e-mails! Lots were from letterhead e-dresses and all had subjects of Thank you, wicked screen saver, your approval, and so on. Beware of e-mail from various persons with the same subject.
Posted by Dawn Ellis (Member # 3529) on :
Hey John, Si went to Vermont to visit his mother and then on to FKAB. Heard he was having internet withdrawals! He'll probably be back on the computer later this week. I met him week before last when he came to my house to teach me gold leaf. I'm sooo lucky!!!!
![[Wink]](wink.gif)
![[Applause]](graemlins/clap.gif)
![[Mad]](mad.gif)