Author |
Topic: Danger! Danger Will Robinson! (Read 340 times) |
|
Ted
New Board Newbie
I love YaBB 1G - SP1!
Gender: 
Posts: 1
|
 |
Danger! Danger Will Robinson!
« on: Aug 20th, 2003, 2:35pm » |
 Quote  Modify
|
I just got one of these from webmaster@clusterheadaches.com. And about a dozen more from random people over the past 10 minutes. Be careful because those sending it probably aren't aware that they are. So be sure to double check if you get an attachment from someone you know and trust and ask them if they sent you a file before you d/l it.
SAN FRANCISCO (Aug. 19) - A new mass e-mail worm that attempts to download files from the Internet and potentially leave computers vulnerable to further attack was spreading quickly around the world on Tuesday, anti-virus experts said.
The new worm, dubbed Sobig.F, is at least the fourth new, major Internet worm to hit computers worldwide in the past week, prompting anti-virus vendor F-Secure to declare this the ''worst virus week ever.''
Sobig.F, a variant of an older worm, began spreading on Monday in Europe and has infected an estimated tens of thousands of Windows-based computers, said Patrick Hinojosa, chief technology officer at Panda Software, based in Madrid.
It arrives in e-mail and includes a variety of subject lines, including ''Your details,'' ''Thank you!,'' ''Your application'' and ''Wicked screensaver.'' It has caused some corporate e-mail systems to grind to a halt, according to Sophos Inc.
When the .pif or .scr attachment is opened, Sobig.F infects the computer and sends itself on to other victims using a random e-mail address from the address book.
It also prepares the computer to receive orders and tries to download files from the Internet, said Hinojosa. It was unknown exactly what files they were, he said.
If the infected computer is on a shared network, the worm tries to copy itself to the other computers on that network.
The worm is programmed to stop spreading on Sept. 10.
Network Associates Inc. (NET.N) has rated Sobig.F a medium risk because of the quick rate of spread, said Jimmy Kuo, research fellow at Network Associates, an anti-virus software vendor.
Sobig.F was spreading at an ''alarming rate,'' accounting for nearly 80 percent of all infection reports recorded on Tuesday, according to anti-virus provider Central Command.
Sobig.F comes on the heels of the Blaster, or LoveSan, worm which hit hundreds of thousands of computers worldwide last week, spreading to victims through a security hole in the Windows operating system and crashing them.
On Monday, another worm surfaced that was written to remove Blaster from infected computers and patch the hole. That worm, dubbed ''Welchia'' or ''Nachi,'' was temporarily paralyzing many corporate networks, experts reported.
In addition, an e-mail hoax was circulating, purporting to be a patch from Microsoft for the security hole Blaster exploits. But the e-mail instead contains a Trojan application that installs itself on the computer as a back door enabling an attacker remote access to the system.
There has not been so much virus activity since the Code Red and Nimda worms hit about a year ago, experts said.
Reuters 18:36 08-19-03
|
|
 IP Logged |
|
|
|
Ted
New Board Newbie
I love YaBB 1G - SP1!
Gender:
Posts: 1
|
|
Re: Danger! Danger Will Robinson!
« Reply #1 on: Aug 20th, 2003, 2:51pm » |
Quote Modify
|
Cat, it looks like you got hit too (sorry to post it here but you need to know). I tried e-mailing you twice about it but got the following message back from the postmaster:
----- The following addresses had permanent fatal errors -----
<catlind@twcny.rr.com>
(reason: 550 5.1.1 unknown or illegal alias: catlind@twcny.rr.com)
----- Transcript of session follows -----
... while talking to ms-mta-02-fn.nyroc.rr.com.:
>>> DATA
<<< 550 5.1.1 unknown or illegal alias: catlind@twcny.rr.com
550 5.1.1 <catlind@twcny.rr.com>... User unknown
<<< 554 5.5.0 No recipients have been specified.
|
|
IP Logged |
|
|
|
BillyJ.
Guest
|
|
Re: Danger! Danger Will Robinson!
« Reply #2 on: Aug 20th, 2003, 3:02pm » |
Quote Modify
 Remove
|
Thank You Ted.
I just recieved a bunch of them here too.I am ok
as long as I don't open any of them right?
puter stupid here,
Billy
|
|
IP Logged |
|
|
|
Ted
New Board Newbie
I love YaBB 1G - SP1!
Gender:
Posts: 1
|
|
Re: Danger! Danger Will Robinson!
« Reply #3 on: Aug 20th, 2003, 3:06pm » |
Quote Modify
|
Hopefully as long as you don't d/l the files. I opened the mail but not the files because it seems AOL stripped the mail of the files before they got here.
|
|
IP Logged |
|
|
|
Peppermint
CH.com Alumnus
New Board Hall of Famer
Work it out baby!
 
Gender: 
Posts: 2605
|
|
Re: Danger! Danger Will Robinson!
« Reply #4 on: Aug 20th, 2003, 3:07pm » |
Quote Modify
|
FYi:
I received about 6 of those types of emails in the past hour. Not from ch.com, but to my yahoo address which is the one I use on this website.
Ted - Cat has a different email addy now. I believe that one is now defunct.
|
|
IP Logged |
You like apples? How ya like them apples?
When playing in the gym, beware of steel beams. - M. Amyx
Carve your name on hearts, and not on marble. - Charles H. Spurgeon
FYI - I am NOT a clusterhead.
|
|
|
Ted
New Board Newbie
I love YaBB 1G - SP1!
Gender:
Posts: 1
|
|
Re: Danger! Danger Will Robinson!
« Reply #5 on: Aug 20th, 2003, 3:15pm » |
Quote Modify
|
That's weird because that's the one it came from. But it would explain the returned mail (I just hit "reply" when trying to mail her). Just not the initial one. Thanks for the fill-in though.
|
|
IP Logged |
|
|
|
suzy617
CH.com Alumnus
New Board Hall of Famer
Love is friendship set on fire
Gender:
Posts: 1902
|
|
Re: Danger! Danger Will Robinson!
« Reply #6 on: Aug 20th, 2003, 3:20pm » |
Quote Modify
|
Yes I just got about 6 of them also which all said please see attached but there was nothing to download. I guess your right Ted that AOL took care of it.
Make sure you all are using protection... 
Suzy
|
|
IP Logged |
When God measures men, He puts the tape around the heart, not the head.
|
|
|
Leesa
New Board Hall of Famer
Gender:
Posts: 1950
|
|
Re: Danger! Danger Will Robinson!
« Reply #7 on: Aug 20th, 2003, 4:15pm » |
Quote Modify
|
Got one here to day and Norton got it for me! NANANANA  When will they ever learn that some of us like me scan things before we open thme DUHHHHHH! Got 3 more just yes. from lord only knows who! If I dont know ya I delete ya!! LOL Ted thanks for the info and keep it coming so we stay safe out here in Clusterville.
Leesa that scans EVERYTHING so I don't get a "bug" in, on, or near my puter.
PS: sometimes it's good to be smartass  Dave has taught me well.
|
|
IP Logged |
"The truth of the matter is that you always know the right thing to do. The hard part is doing it." General H. Norman Schwarzkopf 
|
|
|
DouglasL
Guest
|
|
Re: Danger! Danger Will Robinson!
« Reply #8 on: Aug 20th, 2003, 4:44pm » |
Quote Modify
Remove
|
I have you all beat!!!
I’m in reservations at a hotel here in the French Quarter.
My Outlook is set to retrieve messages every 60seconds.
I have been averaging 5 every 60 seconds making me delete over 300 of those things every hour.
DougL
|
|
IP Logged |
|
|
|
Azrael
New Board Hall of Famer
Sometimes... Being good just ain't worth it.
  
Gender:
Posts: 1786
|
|
Re: Danger! Danger Will Robinson!
« Reply #9 on: Aug 20th, 2003, 4:49pm » |
Quote Modify
|
Ted... The worm is prolly using a false reply to or sent by line in the header. Most of 'em do nowadays... Prolly someone else on the board, with both you and cat's e-mail addresses in their address book got hit. It grabbed her's for the from, and your's for the to.
PFDAN............................... Drk^Angel
|
|
IP Logged |
"Hello police? I would like to report a robbery. Someone stole all my beer while I was drunk."
|
|
|
Bob P
New Board Hall of Famer
Shut up Bob!
Gender:
Posts: 3436
|
|
Re: Danger! Danger Will Robinson!
« Reply #10 on: Aug 20th, 2003, 5:19pm » |
Quote Modify
|
Drk is right. The worm not only sends itself to address' it gets from an infected computer's address book but it also takes a name from the address book and sticks it in the "From" box of the e-mail. The from address that is on the e-mail when you receive it doesn't mean that's where it came from.
|
|
IP Logged |
Mrs. Barlow, I never, and I repeat never, ever pissed in your steam iron.
"SHUT UP HUB!"
|
|
|
catlind
CH.com Alumnus
New Board Hall of Famer
Taz taught me the cluster dance
Gender:
Posts: 3433
|
|
Re: Danger! Danger Will Robinson!
« Reply #11 on: Aug 20th, 2003, 5:27pm » |
Quote Modify
|
Hiya Ted,
Sorry about that, I thought I had you on my email list of sending out to for the new emails. My new email is catlind@cox.net. The twcny.rr.com addy is disabled now.
Road runner has a virus scan built in to their server as well.
Sorry it took so long to read this hehe. I'm slackin!
Never worry about posting regarding a virus on board. If I've got one then everyone needs to know.
I will do a scan just to be sure
Cat
|
|
IP Logged |
A true friend is someone who reaches for your hand and touches your heart
If yer gonna be stupid, ya gotta be tough
|
|
|
Melissa
Guest
|
|
Re: Danger! Danger Will Robinson!
« Reply #12 on: Aug 20th, 2003, 5:45pm » |
Quote Modify
Remove
|
my ISP quarentines all bugs, worms, etc., never gets to me mailbox! ;D
THX for the heads up Ted
|
|
IP Logged |
|
|
|
Charlie
CH.com Alumnus
New Board Hall of Famer
Happy to be here
 
Gender:
Posts: 14968
|
|
Re: Danger! Danger Will Robinson!
« Reply #13 on: Aug 20th, 2003, 8:58pm » |
Quote Modify
|
Thanks Ted and Svenn as well. He got me to look at this thing. It's a nasty bastard.
I've probably gotten half a dozen of these things too. I'm so afraid of stuff that I scan iffy email before opening it. It doesn't take me long.
Charlie
|
|
IP Logged |
There is nothing more satisfying than being shot at without result---Winston Churchill
|
|
|
cootie
New Board Hall of Famer
sumday I'm gonna be sumbody........ ..
Gender:
Posts: 8406
|
|
Re: Danger! Danger Will Robinson!
« Reply #14 on: Aug 20th, 2003, 9:55pm » |
Quote Modify
|
I also got several of the 'than you' and 'wicked screensaver' emails but nothing there....my server automatically scans fer virus's so I guess it removed the harmful pieces parts ? So guess my pieces parts are safe Pam 
|
|
IP Logged |
Cause and Effect......"Cause is the effect concealed, Effect is the cause revealed"
|
|
|
Hooter
Guest
|
|
Re: Danger! Danger Will Robinson!
« Reply #15 on: Aug 20th, 2003, 10:12pm » |
Quote Modify
Remove
|
This looks a lot like an epidemic to me, I got one too,
Norton blocked it but it was the Sobig virus and the attachment was 'Thank You'. It came from someone called ND Cerberus, who I do not know, not surprisingly since that is the Hound from Hell!
This is the most widespread trouble I've ever seen
Wendy
|
|
IP Logged |
|
|
|
jimmers
CH.com Alumnus
New Board Hall of Famer
Hello GOD! The gene pool needs some chlorine!
Gender:
Posts: 2092
|
|
Re: Danger! Danger Will Robinson!
« Reply #16 on: Aug 20th, 2003, 10:23pm » |
Quote Modify
|
Does this mean my dick isn't gonna get bigger? Damn!
Lying spamin bastards! ;LMMFAO
Seeya,
jimbo
|
|
IP Logged |
I don't suffer from INSANITY; I'm enjoying every minute of it!
|
|
|
|
|
|
Home
Help
Search
Members
Member Map
Login
Register
Reply
Notify of replies
Send Topic
Print
test rss