lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: kboyer at ablelaw.org (Boyer Kristy)
Subject: SoBig.F strange problem

I'm having the same problem, but many of the emails that I'm getting are orginating from a comcast IP and from a res.aecom.yu.edu IP.... At about 1 email per 2 - 3 minutes...

-----Original Message-----
From: Joseph L. Hood [mailto:fnab@...rbus.com]
Sent: Tuesday, August 19, 2003 3:56 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] SoBig.F strange problem


The virus writes to addresses found in the addressbook, it also seems to
use random addresses, from the addressbook, as return addresses.  Look at
the headers to determine where the email is really originating.

More than likely you're getting hit from someone you know.


On Tue, 19 Aug 2003, Scott Phelps / Dreamwright Studios wrote:

> 
> All day today I've been getting copies of SoBig.F. I've gotten around 150
> copies so far, and a large number of postmaster bounces saying that a copy
> sent from my address was undeliverable.
> 
> I know that SoBig forges the from address from files it finds on the victims
> machine, but I can't for the life of me figure out why I'm the attempted
> victim for so many other copies. I'm not infected with the virus, I'm
> running antivirus that strips the attachment before it lands in my inbox,
> and I'm running a version of outlook that disallows the attachment
> extensions that SoBig uses. I've run manual scans on all of my machines, in
> case of infection through a network share, but I don't have any of those
> from outside either. All the emails seem to be coming from different places,
> but around 90% are using a from address of @msu.edu.
> 
> Is there some logical explanation why I'm being singled out here? My
> antivirus is driving me insane with popups, so I've had to shut down my mail
> program to get some work done.
> 
> I'm sorry for the off topic nature of this question, but this makes no sense
> to me!
> 
> Scott
> 
> 
>  
> 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ