Re: DML virus spreading - EVERYBODY READ!

From: Walt Felix (walt@walt-n-ingrid.com)
Date: Wed Aug 20 2003 - 09:22:17 EDT

Next message: Walt Felix: "Re: DML virus spreading - EVERYBODY READ!"
Previous message: Thomas Mize 3rd: "Dodge Truck World MD chapter now forming"
Next in thread: Walt Felix: "Re: DML virus spreading - EVERYBODY READ!"
Maybe reply: Walt Felix: "Re: DML virus spreading - EVERYBODY READ!"
Reply: DAKSY: "Re: Re: DML virus spreading - EVERYBODY READ!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This is a new variant of W32/Sobig virus. W32/Sobig.f@MM. NAI has a
complete discription of the virus and has it listed as a high risk for
home users.

http://vil.nai.com/vil/content/v_100561.htm

My inbox is getting flooded with messages from someone who I believe is
either on the DML or browsed a page where a number of the DML member's
email addresses are displayed.

I have found two common addresses in the header information

Some are comming from someone on a DSL connection on labridge.com. I
keep finding "dsl03-243.labridge.com ([206.117.139.243])" as the first
server in the received chain on about 200+ emails I received yesterday.
Ive blocked 206.117.139.243 on my mail server but am still getting
flooded with failure notices from where the virus spoofed my address in
the return field to other email addresses.

Another bunch are coming from "207.193.176.61" which appears to be a
SWBELL.NET SBC Internet Services - Southwest address. Proabbly another
DSL user since most seem to have a 1000k attachment and I have received
over 200 of them. I have also blocked that IP on my server but am
flooded with failure notices like the other.

EVERYBODY, CHECK YOUR DATs!

Walt Felix

http://www.Walt-n-Ingrid.Com
http://www.MoparsinMotion.Com
http://www.CruiseNights.Info

> ------------------------------
>
> Date: Tue, 19 Aug 2003 23:15:55 -0400
> From: Michael Maskalans <mike-lists@tepidcola.com>
> Subject: DML: virus spreading
>
> hey guys, check your virus defs... I just had a half dozen messages
in
> my inbox that smell like the new virus making rounds - some from
people
> I know to be on the list, and some from people whose addresses look
> likely. all were addressed to me personally, so it looks like the
lack
> of attachments to the list is once again a Good Thing. As is, of
> course, NOT USING OUTLOOK: it's a virus trap, people!
>
> From: <stebel@web.de>
> Subject: Re: Details
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> Attachments: There is 1 attachment (application.pif, 77.1kb)
>
>
> From: <daalcorn@bellsouth.net>
> Subject: Re: Wicked screensaver
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> Attachments: There is 1 attachment (application.pif, 77.1kb)
>
>
> From: <blown318@comcast.net>
> Subject: Thank you!
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> Attachments: There is 1 attachment (thank_you.pif, 74.1kb)
>
>
> From: <ecm5U2pWk59@about.com>
> Subject: Re: Details
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> Attachments: There is 1 attachment (wicked_scr.scr, 74.7kb)
> - --
> Michael Maskalans <http://mike.tepidcola.com/>
> Apple Campus Rep - ClassTech Consultant - Printer Tech
> mobile.612.618.4652 campus.585.274.2246 fax.954.697.0487
>
> ------------------------------

Next message: Walt Felix: "Re: DML virus spreading - EVERYBODY READ!"
Previous message: Thomas Mize 3rd: "Dodge Truck World MD chapter now forming"
Next in thread: Walt Felix: "Re: DML virus spreading - EVERYBODY READ!"
Maybe reply: Walt Felix: "Re: DML virus spreading - EVERYBODY READ!"
Reply: DAKSY: "Re: Re: DML virus spreading - EVERYBODY READ!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Fri Feb 06 2004 - 11:46:48 EST