lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <28915501A44DBA4587FE1019D675F983093A73@grfint.intern.adiscon.com>
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Subject: SoBig.F strange problem

Scott,

I know this problem, too. Fortunately not (yet) with SoBig.F, but with
other such virii. The answer is simple: I am sending mail to a lot of
people. My mail address is also on a lot of web sites. This provides
excellent material for the virus to find my mail address (and now yours)
and then it can use that address to forge it as the sender address.

So don't takeit personally. Sit back and relax. Anyhow, there is nothing
you can do against it...

Rainer

> -----Original Message-----
> From: Scott Phelps / Dreamwright Studios 
> [mailto:scottp@...amwright.com] 
> Sent: Tuesday, August 19, 2003 9:01 PM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] SoBig.F strange problem
> 
> 
> 
> All day today I've been getting copies of SoBig.F. I've 
> gotten around 150 copies so far, and a large number of 
> postmaster bounces saying that a copy sent from my address 
> was undeliverable.
> 
> I know that SoBig forges the from address from files it finds 
> on the victims machine, but I can't for the life of me figure 
> out why I'm the attempted victim for so many other copies. 
> I'm not infected with the virus, I'm running antivirus that 
> strips the attachment before it lands in my inbox, and I'm 
> running a version of outlook that disallows the attachment 
> extensions that SoBig uses. I've run manual scans on all of 
> my machines, in case of infection through a network share, 
> but I don't have any of those from outside either. All the 
> emails seem to be coming from different places, but around 
> 90% are using a from address of @msu.edu.
> 
> Is there some logical explanation why I'm being singled out 
> here? My antivirus is driving me insane with popups, so I've 
> had to shut down my mail program to get some work done.
> 
> I'm sorry for the off topic nature of this question, but this 
> makes no sense to me!
> 
> Scott
> 
> 
>  
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ