[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] SoBig.F strange problem

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] SoBig.F strange problem
From: "Scott Phelps / Dreamwright Studios" <scottp@dreamwright.com>
Date: Tue, 19 Aug 2003 15:00:48 -0400


All day today I've been getting copies of SoBig.F. I've gotten around 150
copies so far, and a large number of postmaster bounces saying that a copy
sent from my address was undeliverable.

I know that SoBig forges the from address from files it finds on the victims
machine, but I can't for the life of me figure out why I'm the attempted
victim for so many other copies. I'm not infected with the virus, I'm
running antivirus that strips the attachment before it lands in my inbox,
and I'm running a version of outlook that disallows the attachment
extensions that SoBig uses. I've run manual scans on all of my machines, in
case of infection through a network share, but I don't have any of those
from outside either. All the emails seem to be coming from different places,
but around 90% are using a from address of @msu.edu.

Is there some logical explanation why I'm being singled out here? My
antivirus is driving me insane with popups, so I've had to shut down my mail
program to get some work done.

I'm sorry for the off topic nature of this question, but this makes no sense
to me!

Scott

smime.p7s

Follow-Ups:
- Re: [Full-Disclosure] SoBig.F strange problem
  - From: "Joseph L. Hood" <fnab@acerbus.com>
- RE: [Full-Disclosure] SoBig.F strange problem
  - From: "Richard M. Smith" <rms@computerbytesman.com>

Prev by Date: RE: [Full-Disclosure] Anyone? Important Security Update for the .NET Messenger Service
Next by Date: Re: [Full-Disclosure] Windows Update: A single point of failure forthe world's economy?
Prev by thread: [Full-Disclosure] Anyone? Important Security Update for the .NET Messenger Service
Next by thread: Re: [Full-Disclosure] SoBig.F strange problem
Index(es):
- Date
- Thread