Gossamer Forum
Home : General : Chit Chat :

SoBig.F

(Page 1 of 2)
> >
Quote Reply
SoBig.F
So how many people out there got copies of this virus this morning? I got about 500 of them before I started banning IP's. Weighing in at over 80kb per virus, it was a pretty noticeable blip on the bandwidth as well.

More info on this one at:

http://news.com.com/...-1002_3-5065494.html

Hard to believe so many people are still affected given the rash of viruses recently. Automatic updates on by default doesn't seem like such a bad idea for most.

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] SoBig.F In reply to
Received about 50 of them (thank goodness for Personal Firewalls and Anti-Spam programs)....

Another article:

http://story.news.yahoo.com/...9/tc_nm/tech_worm_dc
========================================
Buh Bye!

Cheers,
Me
Quote Reply
Re: [Alex] SoBig.F In reply to
I got about 80 of them this morning; about 15 of those were "from" you Wink

Jason Rhinelander
Gossamer Threads
jason@gossamer-threads.com
Quote Reply
Re: [Jagerman] SoBig.F In reply to
I only got 8 "from" you. =)

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] SoBig.F In reply to
We don't do viruses here in Mac OS X land....Cool

Ivan
-----
Iyengar Yoga Resources / GT Plugins
Quote Reply
Re: [yogi] SoBig.F In reply to
You still get them though? I'm not infected, but I get hundreds of them (filtered and tagged, but still get them).

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] SoBig.F In reply to
I got a few automated replies from mail servers telling me that messages "from" me were infected with the virus, but not the virus itself...

Ivan
-----
Iyengar Yoga Resources / GT Plugins
Quote Reply
Re: [Jagerman] SoBig.F In reply to
I would think the worm would only be sent with the "From" address of someone who was infected (presumably because it is sent to everyone in that person's address book). I'm guessing all three of you know enough not to open suspicious .pif attachments, so I'm not clear on where the worm is getting the email addresses it's using... Is it that Jason and Alex were both in the same third party's address book and that person became infected?

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund
Quote Reply
Re: [Alex] SoBig.F In reply to
I agree that automatic updates does seem like a very good idea for home users with broadband connections. I'm all for it.

11 and counting so far in my trash folder.

- wil
Quote Reply
Re: [hennagaijin] SoBig.F In reply to
I think it's usually from random people in a users address book, or from emails harvested in the IE cache.

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] SoBig.F In reply to
Zero. Tongue

Philip
------------------
Limecat is not pleased.
Quote Reply
Re: [Alex] SoBig.F In reply to
OK, my inbox was full this morning....

Ivan
-----
Iyengar Yoga Resources / GT Plugins
Quote Reply
Re: [yogi] SoBig.F In reply to
I've been pretty lucky so far (you watch me post a reply in a minute, saying I got sent 5,000 of the buggers Laugh).

I got stung before with a few viruses before....something like 20,000 emails in the space of a day. I ended up just having to ban the IP's, and then clean out my whole email list, which mean't I lot a lot of good emails Frown

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] SoBig.F In reply to
If you're using Postfix at server level to handle your mail, then you might find this useful as a tip to blocking out the Sobig virus:

http://www.unixwiz.net/...ps/reject-sobig.html

- wil
Quote Reply
Re: [Alex] SoBig.F In reply to
I didn't see any until late this morning, and so far only 5 or 6 copies.
Quote Reply
Re: [Alex] SoBig.F In reply to
I got about 400~ his morning.... My PC's are clean yet I've have had 20+ of my customers email saying a sarcastic 'thank's' for sending them a virus?!?

I'm hoping that this is because I'm in their address book... anyone???


moog
-- I've spent most of my money on beer and women... the rest I just wasted.
Quote Reply
Re: [moog] SoBig.F In reply to
The From address in an infected message rarely means anything anymore...other than that your address was picked up somewhere to be used by it.
Quote Reply
Re: [ArmyAirForces] SoBig.F In reply to
Thanks for the quick reply... I thought as much, putting my mind to rest...


moog
-- I've spent most of my money on beer and women... the rest I just wasted.
Quote Reply
Re: [moog] SoBig.F In reply to
I wish people would put their programming skills to something more useful.... Imagine how much better the Internet would be if they used their skills constructivly :) (we can all dream).

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Alex] SoBig.F In reply to
Two of my email accounts got a couple of hundred returned virus detected emails this morning. Looking at the addresses it was sent to I realised there was a pattern and connected it to a company I used to do some work for (it looked like their kind of contact list) and sure enough they had got infected and my email addreses were in their address list.

It still amazes me that people open attachments without thinking first.

chmod
Quote Reply
Re: [chmod] SoBig.F In reply to
With the virus 'my details' ... do you have to open the attachment? I have my AV on, yet I'm still getting bounced emails from servers, saying that my email has been rejected because it contained a potential virus? As far as I know, no files were opened from the virus emails.... Unsure

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] SoBig.F In reply to
The AV sites say you have to open the attachment to get the virus, what seems to be happening is when someone gets the virus it picks an email from their list and then uses that as the from address, thats why we are getting returned emails that we never sent. I wouldn`t worry about them, there`s not a lot you can do about it.



chmod
Quote Reply
Re: [chmod] SoBig.F In reply to
Phew! I was getting worried, because my AV software didn't pick it up.

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] SoBig.F In reply to
The best defense against this kind of virus is to use Anti-Spam software using filters (make sure you've added filters to include keywords from the virus emails) to delete the emails on the server or mark them as SPAM before downloading them to your email client. -OR- you could beef up your email client (like Outlook) filters to automatically delete those messages.

I am using MailWasher Pro and it is doing a great job of catching those virus-ridden messages.
========================================
Buh Bye!

Cheers,
Me
Quote Reply
Re: [Stealth] SoBig.F In reply to
Stealth has a good point about using spam filters to catch a lot of this stuff. A person need to be careful with spam filters though. I had a list setup in Outlook and was unable to recieve information I had requested by email from a machinery dealer. Outlook was permanently deleting the emails. I looked in the filter file and there was nothing obvious that would catch an email about construction equipment, as the filter was pretty much "course language". Never saw the original emails, so I don't know what was happening. The emails were not bouncing back to the sender, so the address was apparently correct. It was a nusicance, as I needed to reply in a time sensitive manner. Finally turned off the filters and had them fax me the information.
--
Rob

SW Montana's Online Community
Modular Model Railroading
> >