Another Virus Attacks Emails |
Poet deVine
Administrator
Member Seraphic
since 1999-05-26
Posts 22612
Hurricane Alley |
Well, it's out there. It's called the Sobig virus and it sends out emails with a .pif attachment. The worm from the attachment then gets into your system and sends out emails to everyone in your address book. I've gotten so many in the last 2 days I can't count them. Some of them are even coming from a 'microsoft.com' address. Whatever you do, do not open them. Delete anything with an attachment! My Yahoo account is being hit big time, but my Cox.net account is being scanned by my Norton Anti-virus so that account is clear. And if you don't have anti-virus software on your computer, I suggest you get some! So far I've only gotten emails from people I don't know except for Doreen Peri... her computer must be infected. I've sent her an email. |
||
© Copyright 2003 Poet deVine - All Rights Reserved | |||
Jamie Member Elite
since 2000-06-26
Posts 3168
Blue Heaven |
I have one that is from you, Sharon -- subject says Re: Your Details. This is just one of over 50 that invaded my firehousemail account -- didn't open any of them - ~whew~
There is society where none intrudes, by the deep sea, and music in its roar. |
||
Poet deVine
Administrator
Member Seraphic
since 1999-05-26
Posts 22612
Hurricane Alley |
Wow...thanks for telling me. I don't know how it could happen...I don't open anything anymore. I'll do a virus scan right now! |
||
Toad Member
since 2002-06-16
Posts 161 |
Sobig has been out there for a while. It contains its own SMTP engine and uses it to spoof the from and to addresses, generally ripping them from the infected PC’s address book or files. In all probability Doreen doesn’t have the virus; it’s more likely to be someone who has both you and her listed in his or her address book. Your advice about virus protection is generally good, but virus checkers are only as good as the dats or definition files they’re running from; it’s essential to keep them up to date. If you don’t, virus checkers are pointless, giving you nothing more than a false sense of security. Protecting against viruses is getting harder and harder to do, though the ones that use email to deliver their payload are the easiest to beat. My advice is don’t run a mail client on your PC; use a web-based client such as Yahoo, that way they hold the file on their server and only download it on request. Use a virus checker and keep the definition files up to date, and never ever ever open a file attachment you weren’t expecting; if in doubt, delete it and contact the sender. The last bit is the most important part when it comes to viruses like Sobig: you have to physically run the file before it can start doing its dirty deed(s). |
||
Toad Member
since 2002-06-16
Posts 161 |
Sharon, this might help, but my guess is you don’t have the virus, so don’t panic!

http://vil.nai.com/vil/content/v_100429.htm
or
http://vil.nai.com/vil/content/v_100561.htm

Look for the files mentioned and check your registry for the entries listed. If you are doing a virus check, make sure you get it to look at all files, including compressed; Lovsan (MSBlast) only shows up if this option is chosen on some virus checkers, notably McAfee.
[This message has been edited by Toad (08-20-2003 11:06 AM).] |
||
Poet deVine
Administrator
Member Seraphic
since 1999-05-26
Posts 22612
Hurricane Alley |
I just went to Symantec and checked my system for this Sobig worm. I don't have it. Does that mean that if someone has my email address on file and they get the worm, it will send out emails that look like they are from me? |
||
HopeS Member Elite
since 2000-12-22
Posts 4596
Perth Western Australia |
Yes, it has been around for a while and seems to be prevalent once again. Norton Antivirus has alerted me heaps of times in the last couple of weeks, so it gets deleted straight away.
Hope |
||
Toad Member
since 2002-06-16
Posts 161 |
Sharon, if someone has Sobig (or one of several viruses that use the same spoofing technique) and your email address is on their system or on a web page they visit, then yes, people can receive email that looks like it came from you and contains a virus. You can, in some cases and if you know how, read the mail header and trace roughly where it came from, but most are directed through open relays so are hard to pin down. |
||
Sunshine
Administrator
Member Empyrean
since 1999-06-25
Posts 63354
Listening to every heart |
Toad, my friend, when e-mail comes in from a "name" I recognize from Passions, I do a right click on the e-mail address and get to the Options box where I can click on that and it gives me enough information that I can discern whether someone I really know sent it to me - or whether it's a hijacked e-mail spam message which possibly carries a virus. All I know is, it's been helping me a lot with "familiar names" but no way in the world would they be writing me... I do appreciate everyone's bringing in whatever information they have on these continual BUGS that are out there infecting the internet.... |
||
Toad Member
since 2002-06-16
Posts 161 |
Sunshine, if you’re doing what I think you’re doing, I wouldn’t recommend it. What happens when an email arrives at a mail client such as Outlook that has an entry for that address is that the software associates the email address with a user-friendly name and displays the details of that person held on your system. If you got a virus with a spoofed name that matched one in your address or contacts list, the system would presume it came from that person and display their details. All you’re checking is that your system recognises the email address, not that the person actually sent it! Sobig is built to use an infected system’s contact list, which means if my PC is infected and I have both your email address and Sharon’s email address in my address book, you could get a mail from me that purports to be from Sharon which has a nasty little attachment. |
||
Wind
since 2002-10-12
Posts 2981 |
ok- what exactly does this worm do to your system?
insanity is not a crime |
||
Mysteria
since 2001-03-07
Posts 18328
British Columbia, Canada |
Wind, the link below will answer your questions. Here is what I know to be accurate:

A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host computer, then emails itself (using its own SMTP engine) to harvested email addresses from the victim's machine. In addition, when it propagates, the worm "spoofs" the "from: field", using one of the harvested email addresses.

Note: The worm copies itself onto the infected machine as: C:\WINNT\WINPPR32.EXE

Caution: An infected email can come from addresses you recognize and may contain the following information:

WHAT TO LOOK FOR:

Subject: [content varies]
- Your details
- Thank you!
- Re: Thank you!
- Re: Details
- Re: Re: My details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
- Re: That movie

Body: [content varies]
- See the attached file for details
- Please see the attached file for details

Attachment: [content varies]
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
- wicked_scr.scr
- movie0045.pif

If you go to McAfee Security they have a scan you can use to see if you have been infected. Here is what they posted about the virus, and below that is the link to the scan to check your computer for many viruses out there.

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561
http://us.mcafee.com/root/mfs/default.asp

Oh, and my son taught me long ago to not open ANYTHING that is an attachment, and do what Toad said, delete it, email the person whom you thought sent it to see if they did in fact send it, and if a picture ask them to insert it - not attach it. So far, touch wood, I have never had a virus, but if I did, I would just call my son, for another computer
[This message has been edited by Mysteria (08-20-2003 03:06 PM).] |
||
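The header check Toad describes and the subject and attachment indicators Mysteria lists, combined in one triage function. This is an added example, not part of any post in the thread; the addresses, host names and sample message are constructed, and the domain comparison is only a rough hint.

```python
import os
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXTENSIONS = {".pif", ".scr"}  # attachment types named in the thread
# Subject lines from the thread, with any leading "Re:" prefixes stripped.
SUBJECT_CORES = {"your details", "thank you!", "details", "my details", "approved",
                 "your application", "wicked screensaver", "that movie"}

def triage(raw):
    """Report the thread's Sobig.F traits found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    # The From line is whatever the sending program wrote. The top-most
    # Received line is added by the recipient's own server, so it is the one
    # part of the trace the sender cannot forge.
    hops = msg.get_all("Received", [])
    last_hop = str(hops[0]) if hops else ""
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", last_hop)
    subject = re.sub(r"^(re:\s*)+", "", str(msg.get("Subject", "")).strip(), flags=re.I)
    risky = [name for name in (part.get_filename() for part in msg.walk())
             if name and os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS]
    return {
        "claimed_from": addr,
        "connecting_ip": ip.group(1) if ip else None,
        # Rough hint only: legitimate mail can also fail this comparison.
        "from_domain_in_hop": bool(from_domain) and from_domain in last_hop.lower(),
        "subject_listed": subject.lower() in SUBJECT_CORES,
        "risky_attachments": risky,
    }

def constructed_sample():
    """Constructed message: documentation addresses, harmless attachment bytes."""
    m = EmailMessage()
    m["Received"] = ("from pc-home (dsl-7.example.net [203.0.113.7]) "
                     "by mx.example.org; Wed, 20 Aug 2003 10:00:00 -0400")
    m["From"] = "Sharon <sharon@example.com>"
    m["To"] = "jamie@example.org"
    m["Subject"] = "Re: Your details"
    m.set_content("Please see the attached file for details")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="your_details.pif")
    return m.as_string()

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

The address shown in `claimed_from` is the part a worm with its own SMTP engine can set freely; `connecting_ip` is what the receiving server recorded about the machine that actually delivered the message.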
Sunshine
Administrator
Member Empyrean
since 1999-06-25
Posts 63354
Listening to every heart |
Well fudge, Toad! That's what our computer experts told us to do. Normally you can recognize the full e-mail address and denote from it that it is NOT from one you recognize. Sheesh... But thank you, Sir! |
||
SmartChick Member Rara Avis
since 2001-09-23
Posts 7081
On A Journey To The Unknown |
I never open any email attachments. |
||
lucky Senior Member
since 2000-01-17
Posts 1601
Idaho |
Hey ya PdV, Rosemary and I have never been hit ever, but we are using Apple/Mac computers. BTW, if I remember correctly, doesn't Doreen Peri use a Mac too..? We run Norton's Anti-Virus also, but aren't Macs supposed to be more of a foolproof machine as far as viruses go..? Maybe you know of some info. and could post it for us Mac users. Thank you all. good lookin' out, PdV
dale gwaltney
[This message has been edited by lucky (08-24-2003 04:21 AM).] |
||
Toad Member
since 2002-06-16
Posts 161 |
Hope this helps the Mac users: http://www.faqs.org/faqs/computer-virus/macintosh-faq/ |
||
All times are ET (US). All dates are in Year-Month-Day format. |