[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4B61670F602D4943A14C1A61FA1C6FBA936D91@newton.freelawyers.org>
From: kboyer at ablelaw.org (Boyer Kristy)
Subject: SoBig.F strange problem
I'm having the same problem, but many of the emails that I'm getting are orginating from a comcast IP and from a res.aecom.yu.edu IP.... At about 1 email per 2 - 3 minutes...
-----Original Message-----
From: Joseph L. Hood [mailto:fnab@...rbus.com]
Sent: Tuesday, August 19, 2003 3:56 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] SoBig.F strange problem
The virus writes to addresses found in the addressbook, it also seems to
use random addresses, from the addressbook, as return addresses. Look at
the headers to determine where the email is really originating.
More than likely you're getting hit from someone you know.
On Tue, 19 Aug 2003, Scott Phelps / Dreamwright Studios wrote:
>
> All day today I've been getting copies of SoBig.F. I've gotten around 150
> copies so far, and a large number of postmaster bounces saying that a copy
> sent from my address was undeliverable.
>
> I know that SoBig forges the from address from files it finds on the victims
> machine, but I can't for the life of me figure out why I'm the attempted
> victim for so many other copies. I'm not infected with the virus, I'm
> running antivirus that strips the attachment before it lands in my inbox,
> and I'm running a version of outlook that disallows the attachment
> extensions that SoBig uses. I've run manual scans on all of my machines, in
> case of infection through a network share, but I don't have any of those
> from outside either. All the emails seem to be coming from different places,
> but around 90% are using a from address of @msu.edu.
>
> Is there some logical explanation why I'm being singled out here? My
> antivirus is driving me insane with popups, so I've had to shut down my mail
> program to get some work done.
>
> I'm sorry for the off topic nature of this question, but this makes no sense
> to me!
>
> Scott
>
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists