SoBig.F Worm Floating Around: Warning!
#1
Pr0n King
Thread Starter
iTrader: (3)
Join Date: Nov 2002
Location: The Land of Rocks
Posts: 26,618
Car Info: Turncoat Turbo
http://securityresponse.symantec.com...obig.f@mm.html
This one has the potential to be BIG! It's already slowing down the 'net in a bunch of places (intranets in large companies are being hit especially hard).
As always, if you open up attachments that seem odd or are unexpected you are just playing with fire. Always keep your virus databases up to date and exercise common sense/caution.
My motto: If you get bit, it's a bit of your own fault.
Watch out, Peeps!
P.S. No posts in an hour? You guys are sad! Is this thing on? Helllloooo?
W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in the files with the following extensions:
.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt
The worm uses its own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares.
Email Routine Details
The email message has the following characteristics:
From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender).
The worm may use the address admin@internet.com as the sender.
Subject:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
Body:
See the attached file for details
Please see the attached file for details.
Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
NOTE: The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.
Symantec Security Response has developed a removal tool to clean the infections of W32.Sobig.F@mm.
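Added example (not part of the original post or of Symantec's write-up): a mail filter check built only from the subjects, body lines and attachment names quoted above. The verdict names, the scoring rule and the `sample` helper are assumptions made for illustration, and the test messages are constructed, not captured.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the Symantec description quoted in the post above.
SUBJECTS = {"re: details", "re: approved", "re: re: my details",
            "re: thank you!", "re: that movie", "re: wicked screensaver",
            "re: your application", "thank you!", "your details"}
BODIES = ("see the attached file for details",
          "please see the attached file for details.")
ATTACHMENTS = {"your_document.pif", "document_all.pif", "thank_you.pif",
               "your_details.pif", "details.pif", "document_9446.pif",
               "application.pif", "wicked_scr.scr", "movie0045.pif"}
RISKY_EXT = (".pif", ".scr")  # the only extensions in the list above


def classify(raw: bytes) -> str:
    """Return 'quarantine', 'review' or 'pass' for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    names = [(p.get_filename() or "").strip().lower() for p in msg.walk()]
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().strip().lower() if part else ""
    exact = any(n in ATTACHMENTS for n in names)
    risky = any(n.endswith(RISKY_EXT) for n in names)
    text_hit = subject in SUBJECTS or body.startswith(BODIES)
    # From is spoofed according to the description, so it is not scored.
    if exact or (risky and text_hit):
        return "quarantine"
    # Executable attachment with unfamiliar wording: hold for a human.
    return "review" if risky else "pass"


def sample(subject, body, filename=None) -> bytes:
    """Build a constructed test message (not a captured worm sample)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(classify(sample("Re: Details", "See the attached file for details",
                          "your_details.pif")))
```

A listed subject or body line on its own is not treated as a hit, since "Thank you!" and "Re: Details" are common in legitimate mail.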
#2
Pr0n King
Boom: 8 calls about it today - 1 infection (that user can NEVER leave attachments alone, DAMMIT!). Howzabout you?
#3
Guest
Posts: n/a
I've gotten 10 or so emails with this virus in them today. Weird thing is, they all came to only one of my 8 email addresses, and it's the one that gets the least junk mail. I wonder where they got my address. Funny thing is, I've got a Mac, and the virus won't do anything to it, hahahahaha.
#6
Pr0n King
http://www.msnbc.com/news/954470.asp?0cv=CB10
Aug. 20 — This week’s computer nuisance, the SoBig virus, continued its march around the Internet Wednesday, infecting thousands of computers and hundreds of corporations. Even innocent bystanders were also hit by SoBig’s fallout — on Wednesday, many inboxes were overloaded with stray e-mails created by the virus. The outbreak comes on the heels of last week’s MSBlaster worm, which may have infected over 1 million computers.
#8
Pr0n King
I've received (automated blocking, but still getting the notification) of 200+ infected messages/bounces since 5pm yesterday. AMAZING!
#9
Guest
Posts: n/a
I have over 300 emails with this worm removed at my College address. The College Exchange Server also sends a warning email after it cleans out the worm. So each email that is infected gets routed to me cleaned but also with a cleaning receipt. No infection, of course, but I spend way too much time deleting the frigging emails so I can read the legit ones.
I might actually have to go into my office and set up some filters to redirect this crap. My college IT Dept. is looking at spam filters but I doubt it will happen.
Of course, you guys are actually WORKING and I am PLAYING GOLF! Never let a college prof complain to you about his/her job. Best job in the world!
#10
Pr0n King
My Cloudmark Spamfilter automatically redirects these messages (and AVG deletes them). Good setup.
It's still irritating due to the fact that I IMAP into my work e-mail from home sometimes... ARGH!
#11
Pr0n King
P.S. LC, can we do distance learning creds so I can get my Master's while you're on the green?
#12
Guest
Posts: n/a
When I actually go back to work after Labor Day, I will set up the filters, but like you, when I am home I bang the POP3 box. I use the Web-based version of Exchange for my College emails so I can keep them on the network folder over there. Of course, the Web-based version doesn't use filters so I have to delete them all by hand.
BTW, I see 500 emails in my box right now and 494 are cleaned virus emails and receipts about the cleaning. Ack!
P.S. Yes, you can get distance learning credits from me if you get me an uppipe, turboXS stealth-back, and the Cobb AccessECU Stage 2.
#14
Pr0n King
Sobig.F is Fastest Spreading Virus Yet
- August Becoming Epic Month for Worms
Several security companies declared that the Sobig.F mass-mailing
worm is the fastest spreading virus yet, surpassing the initial
infection rates of Klez, the LoveBug, Kournikova and other
infamous malware.