Got a virus from slammedcivicsi
Setanta
08-28-2003, 02:28 AM
Mate, you have the W32.Sobig.F@mm virus on your system :(
Got an email from your hotmail account, emailed @ Wed, 27 Aug 2003 23:11:04 --0700. At least, that's what appears in the MIME.
I'd like to suggest that everyone update their virus checkers - Norton's Antivirus 2003 picked it up fine and deleted it as it hit my email box so all is good here.
For those that are sick of having these attachments flood their email box (sucks when you are on 56K), try Mailwasher/Pro at www.firetrust.com. It allows you to look at your POP3 account on the server and delete emails off the server rather than download them
Cheers
XxLuckyLisaxX
08-28-2003, 04:00 AM
dude what the fuck is up with this virus, ive been getting hella of those emails and also shit from the mail system delivery system saying some of my emails werent sent but when i inspected it closer, it was shit i had never sent, email addys i didnt even know and that it was the same b/s i had already received, but for one thing i never even downloaded or opened the files that were attached with those emails so i dont know how it got into my comp.!!!! but im running a virus scan right now i hate b/s like this
GTA
08-28-2003, 05:48 AM
I had it. Didnt know until i started getting returned mails... ran a fix 4 days ago. Im still getting a few returns a day though
Setanta
08-28-2003, 06:35 AM
I had it. Didnt know until i started getting returned mails... ran a fix 4 days ago. Im still getting a few returns a day though
Can you post a link to the fix for those that think they might have it?
Cheers
Pete
slammedcivicsi
08-28-2003, 10:28 AM
WTF.....I ran my Norton Antivirus update like 2 days ago....and did a virus scan this morning....it came up clean....can someone post a link to fix the virus.....I will attend to it after work.....but my main question is how did I send you a virus....I've never emailed you so you shouldnt be in any of my address books.
Setanta
08-28-2003, 10:47 AM
WTF.....I ran my Norton Antivirus update like 2 days ago....and did a virus scan this morning....it came up clean....can someone post a link to fix the virus.....I will attend to it after work.....but my main question is how did I send you a virus....I've never emailed you so you shouldnt be in any of my address books.
Yeah I know - it's really weird. If you want I can forward you the email I got along with the attachment after nortons deleted the file.
It's really weird that it used your hotmail account and not your POP/SMTP Outlook Express etc - I thought Hotmail cleaned them too.
I'm wondering if you used your hotmail account as the contact on the 4th gen site's members list???? Then used it as a dummy sender. If so, they got that addy with a web-crawler, the same as they got mine I'm guessing. If so, we need to get Ami to remove all traces of everyone's email addys from the site. :(
amy@af
08-28-2003, 10:55 AM
If so, we need to get Ami to remove all traces of everyone's email addys from the site. :(
:eek7: that is not even funny
T-Mo
08-28-2003, 11:02 AM
These e-mails are being sent out to everyone's free e-mail accounts. Here's some info off of the net about it. It's not going to stop spreading until Sept. 9th, So read up:
W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in the files that have the following extensions:
.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt
The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code.
Email routine details
The email message has the following characteristics:
From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may also use the address, [email protected], as the sender.
NOTES:
The spoofed addresses and the Send To addresses are both taken from the files found on the computer. Also, the worm may use the settings of the infected computer's settings to check for an SMTP server to contact.
The choice of the internet.com domain appears to be arbitrary and does not have any connection to the actual domain or its parent company.
Subject:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
Body:
See the attached file for details
Please see the attached file for details.
Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
NOTES:
The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.
The aforementioned de-activation date applies only to the mass-mailing, network propagation, and email address collection routines. This means that a W32.Sobig.F@mm-infected computer will still attempt to download the updates from the respective list of master servers during the associated trigger period, even after the infection de-activation date. Previous variants of Sobig exhibited similar behavior.
Outbound udp traffic was observed on August 22nd, coming from systems infected with both Sobig.E and Sobig.F. However, the target IP addresses were either not responding, taken offline, or contained non-executable content; that is, a link to an adult site.
W32.Sobig.F@mm uses a technique known as "email spoofing," by which the worm randomly selects an address it finds on an infected computer. For more information on email spoofing, see the "Technical Details" section below.
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
Melt
08-28-2003, 11:16 AM
Im backing up all my docs ... po i mean nature movies, pics, and mp3s ... then redoing my operating system ... my shit is so bad right now it wont even boot unless i put it into safe mode. I want to switch to linux because im tired of all these fuckers fucking with microsoft and then fucking my shit up as a result of it. Problem is a lot of shit i use i dont think they have on linux ... but i hear you can get windows emulators for it so i can run shit like photoshop.
Ill have to do some more research though.
