Re: OT (Somewhat): More about the virus

From: Jon (jonsdak@midmaine.com)
Date: Thu Mar 20 2003 - 16:31:49 EST


I've gotten a bunch of emails saying I'm propagating the SoBig virus, but my
system is clean. One of the most annoying things about this virus is its
spoofing of the return-path.

-- 
-Jon
jonsdak@midmaine.com
http://jonsdakota.tripod.com
1996 Dodge Dakota Sport 4X4, 3.9L V6, 42RE, 3.92:1 8.25 axle, "BackRack"
Headache Rack,  Dodge Motorsports decals, steering wheel cover, and front
license plate, diamond-plate bedrail covers, Lund VentVisors, Lund
BugShield, Jensen MP-3310 CD/MP3 Receiver, Pioneer TS-G1347's in front,
TS-A5713's in rear, Bulldog RS-82 Remote Starter
"Bob Tom" <tigers@bserv.com> wrote in message
news:5.0.2.1.0.20030820102314.009f78b0@pop3.norton.antivirus...
>
> At 11:07 PM 8/19/03 -0700, you wrote:
> >A new variant of the "Sobig" virus that circulated a while back.  The
> >.pif/.scr file attachments to/from random addresses is the giveaway.
>
> A little more information.
>
> Variant of Sobig on the loose.
> The worm basically sends itself as an e-mail attachment to addresses
> collected from a victim's computer. The worm forges the sender's e-mail
> address, making it "difficult to know who is truly infected," according to
> an alert on antivirus software vendor Sophos PLC's Web site.
>
> The e-mail appears with subject headers such as "Re: That movie,"
> "Re: Wicked screensaver," and "Re: Details." The attached file is
> chosen from a list that includes "movieoo45.pif," "wicked_scr.scr"
> and "your-document.pif," according to Sophos.
>
> The Sobig variant takes advantage of the Network Time Protocol that's
> used by servers to synchronize times to determine when it should stop
> propagating itself, according to Sophos. If the date is Sept. 10, 2003,
> or later, the worm will no longer propagate.
>
> The DML does not allow attachments.  Just be careful with any attachments
> that you receive (see above).  As long as you don't open them, you'll be
> okay.
>
> There's another worm going around as well since July.  It's a variation
> of the Blaster worm.  AFAIK, it attacks networks and is not spread by
> attachments, and Win2000 and XP seem to be the vulnerable OSes.
>
> I've done a NAV LiveUpdate and scanned all my files.  Got an AOK.
>
> That's all I know for now.
>
> Bob Tom     Burlington, Ont., Canada
> '97 Dakota Sport, 4x2, CC, Flame red, 5.2L, 44RE auto., 4.56SG
>
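The indicators quoted in the message above (the subject lines, the attachment names, and the .pif/.scr extensions) can be checked mechanically at a mail gateway or over a mailbox export. The sketch below is an added example, not part of the original thread or of any vendor tool; `scan_message` and `build_sample` are hypothetical names, and the sample messages are constructed. It ignores the From and Return-Path headers because, as the thread notes, the worm forges them.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Indicators quoted in the post above (attributed there to Sophos).
RISKY_EXTENSIONS = {".pif", ".scr"}
SUBJECTS = {"re: that movie", "re: wicked screensaver", "re: details"}
FILENAMES = {"movieoo45.pif", "wicked_scr.scr", "your-document.pif"}


def scan_message(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg.get("Subject", "")).strip().lower()
    if subject in SUBJECTS:
        findings.append(f"subject:{subject}")
    for part in msg.iter_attachments():
        # Normalise case and trailing dots/spaces before comparing.
        name = (part.get_filename() or "").strip().lower().rstrip(". ")
        # Only the last extension matters, so "photo.jpg.scr" is caught.
        ext = PurePosixPath(name).suffix
        if name in FILENAMES:
            findings.append(f"known-filename:{name}")
        elif ext in RISKY_EXTENSIONS:
            findings.append(f"risky-extension:{name}")
    return findings


def build_sample(subject, filename=None):
    """Constructed test message; addresses and payload are placeholders."""
    msg = EmailMessage()
    msg["From"] = "someone@example.com"  # not trusted: sender is forgeable
    msg["To"] = "list@example.org"
    msg["Subject"] = subject
    msg.set_content("See the attached file.")
    if filename:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Re: Details", "your-document.pif"),
                        ("Trip photos", "holiday.jpg.scr"),
                        ("Meeting notes", "notes.txt")]:
        print(subj, "->", scan_message(build_sample(subj, fname)) or "clean")
```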



This archive was generated by hypermail 2b29 : Fri Feb 06 2004 - 11:46:48 EST