lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: denis at dimick.net (Denis Dimick)
Subject: SoBig.F strange problem

Just got off the phone with a small ISP out here in New Mexico.. Looks 
like one of there users has SoBig.f and is doing the same thing as Scott 
wrote about.. Not a lot you can do until ISP fix there mail servers to 
dis-allow this type of activity..

-Denis

On Tue, 19 Aug 2003, Rainer Gerhards wrote:

> Scott,
> 
> I know this problem, too. Fortunately not (yet) with SoBig.F, but with
> other such virii. The answer is simple: I am sending mail to a lot of
> people. My mail address is also on a lot of web sites. This provides
> excellent material for the virus to find my mail address (and now yours)
> and then it can use that address to forge it as the sender address.
> 
> So don't takeit personally. Sit back and relax. Anyhow, there is nothing
> you can do against it...
> 
> Rainer
> 
> > -----Original Message-----
> > From: Scott Phelps / Dreamwright Studios 
> > [mailto:scottp@...amwright.com] 
> > Sent: Tuesday, August 19, 2003 9:01 PM
> > To: full-disclosure@...ts.netsys.com
> > Subject: [Full-Disclosure] SoBig.F strange problem
> > 
> > 
> > 
> > All day today I've been getting copies of SoBig.F. I've 
> > gotten around 150 copies so far, and a large number of 
> > postmaster bounces saying that a copy sent from my address 
> > was undeliverable.
> > 
> > I know that SoBig forges the from address from files it finds 
> > on the victims machine, but I can't for the life of me figure 
> > out why I'm the attempted victim for so many other copies. 
> > I'm not infected with the virus, I'm running antivirus that 
> > strips the attachment before it lands in my inbox, and I'm 
> > running a version of outlook that disallows the attachment 
> > extensions that SoBig uses. I've run manual scans on all of 
> > my machines, in case of infection through a network share, 
> > but I don't have any of those from outside either. All the 
> > emails seem to be coming from different places, but around 
> > 90% are using a from address of @msu.edu.
> > 
> > Is there some logical explanation why I'm being singled out 
> > here? My antivirus is driving me insane with popups, so I've 
> > had to shut down my mail program to get some work done.
> > 
> > I'm sorry for the off topic nature of this question, but this 
> > makes no sense to me!
> > 
> > Scott
> > 
> > 
> >  
> > 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ