posted
***Edited: I thought it was me but it appears it's all over so I guess it's more than me!***
I got hit with the W32.Sobig.F@mm virus and it is mass emailing all email addresses not only on my system but is also hitting all html sites found on my system and emailing those addresses.
If you are getting them from me I apologize. I am all fixed now. Make sure you scan your systems.
Norton caught it but I had to manually fix it.
[ August 19, 2003, 11:53 AM: Message edited by: Amy Brown ]
-------------------- Amy Brown Life Skills 101 Private Address Posts: 3502 | From: Lake Helen, FL, USA | Registered: Feb 2001
| IP: Logged |
posted
Well now I know whose address book I'm in. Norton deleted 12 instances just now, on incoming messages. Oddly enough, none seemed to be from you directly, but a few names were recognized BB members. Some slimeball must be reveling in their dastardly handiwork this morning.
SONGPAINTER Original Sign Music by Sign People NOW AVAILABLE on CD and the proceeds go to Letterville's favorite charity! Click Here for Sound Clips! Posts: 1974 | From: Orleans, MA, Cape Cod, USA | Registered: Nov 1998
posted
Man, this stinks! I'm really sorry. Have no clue how I got this. I think I got it from someone else first and didn't really notice. Norton didn't pick it up on email scanning. Then I was getting like 20 emails per minute from places I've never even heard of. I quickly figured it out and ran Norton Update then scan and it picked it up. I'm still getting tons of email all are infected and Norton is automatically deleting those files.
If you got the emails and they aren't scanned I wouldn't take chances with it. Just assume you've got it too.
Technology, isn't it great!!
-------------------- Amy Brown Life Skills 101 Private Address Posts: 3502 | From: Lake Helen, FL, USA | Registered: Feb 2001
posted
In the last hour or so I have had about 20-30 mails, all with virus, from names like markrobt@aol.com, sfrog@talk21.com, editor@signindustry.com, etc., so lots coming from the bb side of the world!!
posted
Okay, this thing is spreading like wild fire. I just checked and none of you are in my address book. So, whoever I sent it to is hitting their addresses and then those are hitting their addresses. I'm beginning to think I didn't start this thing after all!!
My first was from rldsigns@aol.com
-------------------- Amy Brown Life Skills 101 Private Address Posts: 3502 | From: Lake Helen, FL, USA | Registered: Feb 2001
posted
Set your Outlook or Outlook Express to NOT preview any email. That way you will not automatically start any email viruses you may get through email. Once started it will spread infections within seconds. Another check you can use is not to keep emails in the address books. Keep them in a Word or Notepad document.
Most viruses such as this one cannot spread unless you open an infected email.
-------------------- Leaper of Tall buildings.. If you find my posts divisive or otherwise snarky please ignore them. If you do not know how then PM me about it and I will demonstrate. Posts: 5278 | From: Im a nowhere man | Registered: Jul 2001
posted
Got 2 this morning. One from a recognized name around here & the other unknown. Both messages said to check attachment for details; but there were no attachments. Neither was from Amy.
-------------------- Bill Cosharek Bill Cosharek Signs N.Huntingdon,Pa
bcosharek@juno.com Posts: 705 | From: N.Huntingdon, Pa, USA | Registered: Dec 1999
posted
I'm not getting any here, so it's nice to know none of you have my email address in your addy books.
Seriously though, like Curtis said, disable the Preview feature in Outlook/Outlook Express. I know it's handy to have but that's how these buggers launch themselves. If the Preview is enabled, the virus launches itself as soon as you click on the email to delete it!
I delete any and all suspect emails immediately then flush out the deleted items folder. If I'm not sure about the contents of an email, I right-click it, check the properties then look at the message source to see if there's anything in it I should look at.
-------------------- "If I share all my wisdom I won't have any left for myself."
Mike Pipes stickerpimp.com Lake Havasu, AZ mike@stickerpimp.com Posts: 8746 | From: Lake Havasu, AZ USA | Registered: Jun 2000
posted
I usually dump everything I don't know but I thought I recognized the email that got me as a letterhead and opened it. My bad! I've been so busy I didn't know if I was working on something with this person or what. Obviously not!
I never keep the preview pane open either so it was just luck of the draw today. And as bad as my luck goes it doesn't surprise me in the least.
Yippee!!
-------------------- Amy Brown Life Skills 101 Private Address Posts: 3502 | From: Lake Helen, FL, USA | Registered: Feb 2001
posted
I guess things in life do balance out. My IP doesn't provide any free space for hosting pics. It's run by the local phone company, whose lines are so bad in my area that I can only connect at 24,000. They do however provide an anti virus screening and an anti spam/junk mail service. I haven't received a virus in a couple of years, nor any unwanted e-mail. You only get notified every few days. I still keep my Norton updated, but it doesn't have anything to do these days.
-------------------- George Perkins Millington,TN. goatwell@bigriver.net
"I started out with nothing and still have most of it left"
posted
I'm receiving them too, but it's not Letterville specific. Luckily my ISP filters everything and simply notifies me I have a virus at the ISP "greymail" site. They delete that junk for me. It's sad when someone has nothing better to do than wreak havoc on unsuspecting gentle people! Be careful out there. I'm sure we'll probably hear about it all on the news tonight. Bomba-Dear.
-------------------- Bomba-Dear Jackie Vaughn #5115 Volcano, California www.chocoholic.com Posts: 761 | From: Volcano, California, USA | Registered: Nov 1998
I now use www.mail2web.com site to preview all the e-mails on my server. It's a free site and can be accessed from any computer as long as you know your password for your e-mail.
It lists them 20 at a time and you can select delete, hold or open. Quite handy when you're traveling too! If you open in this site you have to send a copy back to yourself if you want to keep it.
Certainly a lot quicker and safer than waiting for Outlook Express to download.
posted
I got twenty emails today all with RE: as the subject in my web based email. Some from addresses I knew, others I didn't. Deleted em all. Buggers.
-------------------- Maker of fine signs and other creative stuff. Located at 109 N. Cumberland ave. Harlan, Ky. 40831 606-837-0242 Posts: 4172 | From: Ages-Brookside, Ky. Up the Holler... | Registered: Jul 1999
Like Jon (Bushie), I always check my mail thru www.web2mail.com before downloading into my inbox. Jon, you said you have to send any messages you want to keep to yourself? I just don't delete the ones I want and then download them thru my mail server as usual. You must have a different client set-up than I do.
The good thing about doing it this way is all spam can be eliminated off the server before you ever load it onto your machine. See ya,
-------------------- R.T.Thomas,AirDesigns/Sign And Airbrush Studio rtart1@earthlink.net
Hattiesburg,MS 39401 Shop 601-584-1000 Cell 601-310-5901 Proud supporter of LETTERVILLE!
"Ahhhhhh.......Juicy Fruit." Posts: 547 | From: Hattiesburg,MS USA | Registered: Nov 1998
posted
I got bombarded yesterday and so this morning I went and checked my address book and found about 50 addresses of people that I don't know, so I deleted those.
-------------------- Laura Butler Vision Graphics & Sign 4479 Welch Rd Attica, Mi 48412 Posts: 2855 | From: Attica, Mi, USA | Registered: Nov 2000
posted
Mail washer also is a handy program for checking your mail server contents before downloading. http://www.mailwasher.net/ David
-------------------- David Fisher D.A. & P.M. Fisher Services Brisbane Australia da_pmf@yahoo.com Trying out a new tag: "Parents are the bones on which children cut their teeth Peter Ustinov Posts: 1450 | From: Brisbane Queensland Australia | Registered: Nov 1998
Detection
A virus identity file (IDE) file which provides protection is available now from the Latest virus identities section, and will be incorporated into the October 2003 (3.74) release of Sophos Anti-Virus.
Sophos has received many reports of this worm from the wild.
Description
W32/Sobig-F is a worm that spreads via email and network shares.
W32/Sobig-F copies itself to the Windows folder as winppr32.exe and sets one of the following registry entries:
The worm sends itself, using its own SMTP engine, as an attachment to email addresses collected from various files on the victim's computer. When it distributes itself via email it forges the sender's email address, making it difficult to know who is truly infected.
The email has the following format:
Subject line: Chosen from - Re: That movie; Re: Wicked screensaver; Re: Your application; Re: Approved; Re: Re: My details; Re: Details; Your details; Thank you!
Message text: Chosen from - "Please see the attached file for details."; "See the attached file for details"
W32/Sobig-F also attempts to spread by copying itself to Windows network shares and uses the Network Time Protocol to one of several servers in order to determine the current date and time. If the date is September 10 2003 or later the worm stops working.
Recovery
Read instructions on how to remove the W32/Sobig-F worm and ensure your system is not vulnerable to reinfection.
-------------------- Jeff Vrstal Main Street Signs 157 E. Main Street Evansville, WI 53536 1-608-882-0322 Posts: 670 | From: Evansville, Wisconsin | Registered: Sep 2001
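Added example, not part of the original post or of the Sophos advisory: a Python triage check that compares a message against the subject lines and message text listed above, and separates copies that still carry an attachment from copies that arrive with none, which one poster above reported seeing. The sample messages, addresses, file name and the `classify` function are constructed for illustration.

```python
import email
from email import policy

# Indicators taken from the advisory text quoted in the post above.
SOBIG_F_SUBJECTS = {
    "re: that movie", "re: wicked screensaver", "re: your application",
    "re: approved", "re: re: my details", "re: details",
    "your details", "thank you!",
}
SOBIG_F_BODIES = {
    "please see the attached file for details",
    "see the attached file for details",
}

def _norm(text):
    """Collapse whitespace and case so folded headers still compare equal."""
    return " ".join((text or "").split()).lower()

def classify(raw_bytes):
    """Return 'match+attachment', 'match-no-attachment' or 'no-match'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject_hit = _norm(msg["Subject"]) in SOBIG_F_SUBJECTS
    part = msg.get_body(preferencelist=("plain",))
    body = _norm(part.get_content()).rstrip(".") if part is not None else ""
    # A listed subject alone is ordinary mail; require the body text as well.
    if not (subject_hit and body in SOBIG_F_BODIES):
        return "no-match"
    has_attachment = any(True for _ in msg.iter_attachments())
    return "match+attachment" if has_attachment else "match-no-attachment"

# Constructed sample messages (not captured traffic).
SAMPLE_WITH_ATTACHMENT = (
    b"From: someone@example.com\r\nSubject: Re: Wicked screensaver\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\n"
    b"See the attached file for details\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="placeholder.bin"\r\n\r\n'
    b"PLACEHOLDER\r\n--b1--\r\n"
)
SAMPLE_NO_ATTACHMENT = (
    b"From: someone@example.com\r\nSubject: Thank you!\r\n\r\n"
    b"Please see the attached file for details.\r\n"
)
SAMPLE_BENIGN = (
    b"From: customer@example.com\r\nSubject: Re: Details\r\n\r\n"
    b"Quote attached, call me.\r\n"
)
```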
I've gotten a few of these emails this morning, some from names/addies I recognize and some I don't.
Here's another twist..
I also received a Returned Mail notice from AOL's mailer daemon, telling me that an email I sent had a virus and that the email was rejected.
After checking out the message source itself (the complete message headers) here's what I saw...
1. The original email that got rejected was sent to Dan Antonelli - I recognized his email address from having visited his website in the past, however I do not have his email in my address books! Hmmmmm!!!
2. The original email had MY name in the "From:" field although my machine is clean.
3. The proof: the headers list the IP addresses of the originating machine and all the relays the message takes en route. The IP listed is not mine, which I am sure of because my IP is static. My mail server was not listed as a relay, reinforcing the fact the email didn't come from my machine because all my mail goes through my own servers!
So, when you recognize a name or email address on an email that potentially has a virus, keep all this in mind because it's apparent the virus is swapping email addresses from its host computer into its own messages!
-------------------- "If I share all my wisdom I won't have any left for myself."
Mike Pipes stickerpimp.com Lake Havasu, AZ mike@stickerpimp.com Posts: 8746 | From: Lake Havasu, AZ USA | Registered: Jun 2000
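Added example, not part of the original post: the header check described above, as Python that walks a message's Received lines oldest-first and tests whether your own static IP or mail relay appears anywhere in the path. The sample headers, documentation-range IPs, example domains and function names are constructed; only Received lines added by servers you trust are reliable, since earlier ones are supplied by the sender.

```python
import email
import re

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # [a.b.c.d] in a hop
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)   # server that took it

def received_chain(raw_bytes):
    """Return hops oldest-first as (connecting_ip, receiving_host) pairs."""
    msg = email.message_from_bytes(raw_bytes)
    hops = []
    # Each relay prepends its Received line, so the last one is the origin.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())          # undo header folding
        ip = IP_RE.search(text)
        by = BY_RE.search(text)
        hops.append((ip.group(1) if ip else None,
                     by.group(1).lower() if by else None))
    return hops

def sent_via_me(raw_bytes, my_ips, my_relays):
    """True if any hop shows one of my IPs connecting or my relay receiving."""
    return any(ip in my_ips or by in my_relays
               for ip, by in received_chain(raw_bytes))

# Constructed headers of a rejected message whose From: line names "me".
SAMPLE_REJECTED = (
    b"Received: from relay.isp.example ([198.51.100.7])\r\n"
    b"\tby mx.recipient.example with ESMTP; Tue, 19 Aug 2003 10:02:11 -0400\r\n"
    b"Received: from HOMEPC ([203.0.113.45])\r\n"
    b"\tby relay.isp.example with SMTP; Tue, 19 Aug 2003 10:02:05 -0400\r\n"
    b"From: me@mydomain.example\r\n"
    b"Subject: Re: Details\r\n\r\n"
    b"See the attached file for details\r\n"
)

# Assumed values for "my" static IP and mail server.
MY_IPS = {"192.0.2.10"}
MY_RELAYS = {"mail.mydomain.example"}
```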
posted
I think that it is about time for us to take action and "paint" these morons into a corner, and then yank their internet connection, leaving them dangling without food, water or extra RAM.
-------------------- Jeff Vrstal Main Street Signs 157 E. Main Street Evansville, WI 53536 1-608-882-0322 Posts: 670 | From: Evansville, Wisconsin | Registered: Sep 2001