| Author |
Message |
Admin
Site Admin
Joined: 17 May 2003
Posts: 0
|
 Posted:
Wed Aug 20, 2003 9:39 pm |
It is not often I feature virus news here at UO but then again this virus isn't normal. The SoBig virus has been slamming our host and our own email servers bad. I have received over 400 emails today. I am posting this in hopes that someone can track this thing and smack this script kiddie down.
I want to point out to would-be hackers that email virus not only hurt the big guys like you want it hurst us little guys as well. I run this site myself and don't have any money. When viruses spam my site it spams the Bandwidth as well and that costs money. Please try and refrain from hurting some of the sites you do like to kill the big ones. Thanks to Neowin for the following info...
SoBig is so prevalent, as sixth variant mass mails itself around the world A new variant of the SoBig worm has been filling inboxes worldwide, after it was mass-mailed to millions of email addresses. The worm arrives as a .Pif (Program Information file) attachment in emails with the headers:Re: That movie
Re: Wicked screensaver
Re: Your application
Re: Approved
Re: Re: My details
Re: Details
Your details
Thank you! The worm is 72,000 bytes. once activated it copies itself to Windows as 'winppr32.exe' and edits the registry to ensure that it starts whenever the computer boots. All email addresses on the PC are collected and are then sent copies of the worm using the worm's own SMTP engine. |
|
|
|
|
|
Burgess
UO Staff
Joined: 17 May 2003
Posts: 542
Location: Almost Heaven WV, USA
|
| Posted:
Thu Aug 21, 2003 12:26 pm |
Yup, I got hit with that one myself. I do have a question though. I used Outlook Express Six and I did not click to open the attachments. After that I recieved a MailorDamon telling me that an email i sent did not go through. Guess what? I did not send the email. So should I be worried? Right now I am so paranoid I am about to reformat my rig again. What do you guys have to say? |
_________________
"Power without perception is spiritually useless and therefore of no true value." - Ryuukin Father to Ken, Jagi, and Raoh |
|
|
|
|
Tycho
Wanna-Be Webmaster
Joined: 17 May 2003
Posts: 1041
Location: Grand Rapids, Michigan
|
| Posted:
Thu Aug 21, 2003 1:46 pm |
No don't worry unless you completely opened the attachment you won't get infected. However with spoofing anything can be sent with any .com addy. So sometimes you will get mail that says you sent but you didn't, the spoofed email did.
Make sense? |
_________________
In the Immortal words of Socrates who said, "I drank what?" |
|
|
|
|
Raven
UO Staff
Joined: 19 May 2003
Posts: 2235
Location: Clyde, Ohio
|
| Posted:
Thu Aug 21, 2003 2:31 pm |
any way you look at it you should scan for the worm though. just as a precaution |
_________________
nevaR ask Raven
Because he nevaR knows!
Http://www.guardiansofdeath.com |
|
|
|
|
Peoii
Ultimate Fanboy
Joined: 19 May 2003
Posts: 572
Location: Post Falls, ID, USA, North America, Earth, Sol, Milky Way
|
| Posted:
Thu Aug 21, 2003 3:56 pm |
| Tycho wrote: |
No don't worry unless you completely opened the attachment you won't get infected. However with spoofing anything can be sent with any .com addy. So sometimes you will get mail that says you sent but you didn't, the spoofed email did.
Make sense? |
Actually, to clerify, it can send via any e-mail address, not just .com's.... doesn't seem to be limited to those, I've recieved many from .net accounts. Though, your point does make sense tycho. |
_________________
[Peoii's Place]
SELECT * FROM users WHERE clue > 0
0 Rows Returned. |
|
|
|
|
|
|
