
RE: [Full-Disclosure] SoBig.F strange problem



Just got off the phone with a small ISP out here in New Mexico. Looks
like one of their users has SoBig.F and is doing the same thing as Scott
wrote about. Not a lot you can do until ISPs fix their mail servers to
disallow this type of activity.

-Denis

On Tue, 19 Aug 2003, Rainer Gerhards wrote:

> Scott,
> 
> I know this problem, too. Fortunately not (yet) with SoBig.F, but with
> other such viruses. The answer is simple: I am sending mail to a lot of
> people. My mail address is also on a lot of web sites. This provides
> excellent material for the virus to find my mail address (and now yours)
> and then it can use that address to forge it as the sender address.
> 
> So don't take it personally. Sit back and relax. Anyhow, there is nothing
> you can do against it...
> 
> Rainer
> 
> > -----Original Message-----
> > From: Scott Phelps / Dreamwright Studios 
> > [mailto:scottp@dreamwright.com] 
> > Sent: Tuesday, August 19, 2003 9:01 PM
> > To: full-disclosure@lists.netsys.com
> > Subject: [Full-Disclosure] SoBig.F strange problem
> > 
> > 
> > 
> > All day today I've been getting copies of SoBig.F. I've 
> > gotten around 150 copies so far, and a large number of 
> > postmaster bounces saying that a copy sent from my address 
> > was undeliverable.
> > 
> > I know that SoBig forges the from address from files it finds 
> > on the victim's machine, but I can't for the life of me figure 
> > out why I'm the attempted victim for so many other copies. 
> > I'm not infected with the virus, I'm running antivirus that 
> > strips the attachment before it lands in my inbox, and I'm 
> > running a version of Outlook that disallows the attachment 
> > extensions that SoBig uses. I've run manual scans on all of 
> > my machines, in case of infection through a network share, 
> > but I don't have any of those from outside either. All the 
> > emails seem to be coming from different places, but around 
> > 90% are using a from address of @msu.edu.
> > 
> > Is there some logical explanation why I'm being singled out 
> > here? My antivirus is driving me insane with popups, so I've 
> > had to shut down my mail program to get some work done.
> > 
> > I'm sorry for the off-topic nature of this question, but this 
> > makes no sense to me!
> > 
> > Scott
> > 
> > 
> >  
> > 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
