
RE: [Full-Disclosure] SoBig.F strange problem



Scott,

I know this problem, too. Fortunately not (yet) with SoBig.F, but with
other such viruses. The answer is simple: I am sending mail to a lot of
people. My mail address is also on a lot of web sites. This provides
excellent material for the virus to find my mail address (and now yours)
and then it can use that address to forge it as the sender address.

So don't take it personally. Sit back and relax. Anyhow, there is nothing
you can do against it...

Rainer

> -----Original Message-----
> From: Scott Phelps / Dreamwright Studios 
> [mailto:scottp@dreamwright.com] 
> Sent: Tuesday, August 19, 2003 9:01 PM
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] SoBig.F strange problem
> 
> 
> 
> All day today I've been getting copies of SoBig.F. I've 
> gotten around 150 copies so far, and a large number of 
> postmaster bounces saying that a copy sent from my address 
> was undeliverable.
> 
> I know that SoBig forges the from address from files it finds 
> on the victim's machine, but I can't for the life of me figure 
> out why I'm the attempted victim for so many other copies. 
> I'm not infected with the virus, I'm running antivirus that 
> strips the attachment before it lands in my inbox, and I'm 
> running a version of Outlook that disallows the attachment 
> extensions that SoBig uses. I've run manual scans on all of 
> my machines, in case of infection through a network share, 
> but I don't have any of those from outside either. All the 
> emails seem to be coming from different places, but around 
> 90% are using a from address of @msu.edu.
> 
> Is there some logical explanation why I'm being singled out 
> here? My antivirus is driving me insane with popups, so I've 
> had to shut down my mail program to get some work done.
> 
> I'm sorry for the off topic nature of this question, but this 
> makes no sense to me!
> 
> Scott
> 
> 
>  
> 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html