Clusterheadaches.com Message Board (http://www.clusterheadaches.com/cgi-bin/yabb/YaBB.cgi)
New Message Board Archives >> 2003 Posts >> Danger! Danger Will Robinson!
(Message started by: Ted on Aug 20th, 2003, 2:35pm)

Title: Danger! Danger Will Robinson!
Post by Ted on Aug 20th, 2003, 2:35pm
I just got one of these from webmaster@clusterheadaches.com. And about a dozen more from random people over the past 10 minutes. Be careful because those sending it probably aren't aware that they are. So be sure to double check if you get an attachment from someone you know and trust and ask them if they sent you a file before you d/l it.

SAN FRANCISCO (Aug. 19) - A new mass e-mail worm that attempts to download files from the Internet and potentially leave computers vulnerable to further attack was spreading quickly around the world on Tuesday, anti-virus experts said.

The new worm, dubbed Sobig.F, is at least the fourth new, major Internet worm to hit computers worldwide in the past week, prompting anti-virus vendor F-Secure to declare this the ''worst virus week ever.''

Sobig.F, a variant of an older worm, began spreading on Monday in Europe and has infected an estimated tens of thousands of Windows-based computers, said Patrick Hinojosa, chief technology officer at Panda Software, based in Madrid.

It arrives in e-mail and includes a variety of subject lines, including ''Your details,'' ''Thank you!,'' ''Your application'' and ''Wicked screensaver.'' It has caused some corporate e-mail systems to grind to a halt, according to Sophos Inc.

When the .pif or .scr attachment is opened, Sobig.F infects the computer and sends itself on to other victims using a random e-mail address from the address book.

It also prepares the computer to receive orders and tries to download files from the Internet, said Hinojosa. It was unknown exactly what files they were, he said.

If the infected computer is on a shared network, the worm tries to copy itself to the other computers on that network.

The worm is programmed to stop spreading on Sept. 10.

Network Associates Inc. (NET.N) has rated Sobig.F a medium risk because of the quick rate of spread, said Jimmy Kuo, research fellow at Network Associates, an anti-virus software vendor.

Sobig.F was spreading at an ''alarming rate,'' accounting for nearly 80 percent of all infection reports recorded on Tuesday, according to anti-virus provider Central Command.

Sobig.F comes on the heels of the Blaster, or LoveSan, worm which hit hundreds of thousands of computers worldwide last week, spreading to victims through a security hole in the Windows operating system and crashing them.

On Monday, another worm surfaced that was written to remove Blaster from infected computers and patch the hole. That worm, dubbed ''Welchia'' or ''Nachi,'' was temporarily paralyzing many corporate networks, experts reported.

In addition, an e-mail hoax was circulating, purporting to be a patch from Microsoft for the security hole Blaster exploits. But the e-mail instead contains a Trojan application that installs itself on the computer as a back door enabling an attacker remote access to the system.

There has not been so much virus activity since the Code Red and Nimda worms hit about a year ago, experts said.

Reuters 18:36 08-19-03

Title: Re: Danger! Danger Will Robinson!
Post by Ted on Aug 20th, 2003, 2:51pm
Cat, it looks like you got hit too (sorry to post it here but you need to know). I tried e-mailing you twice about it but got the following message back from the postmaster:


  ----- The following addresses had permanent fatal errors -----
<catlind@twcny.rr.com>
   (reason: 550 5.1.1 unknown or illegal alias: catlind@twcny.rr.com)

  ----- Transcript of session follows -----
... while talking to ms-mta-02-fn.nyroc.rr.com.:
>>> DATA
<<< 550 5.1.1 unknown or illegal alias: catlind@twcny.rr.com
550 5.1.1 <catlind@twcny.rr.com>... User unknown
<<< 554 5.5.0 No recipients have been specified.


Title: Re: Danger! Danger Will Robinson!
Post by BillyJ. on Aug 20th, 2003, 3:02pm
Thank You Ted.
      I just recieved a bunch of them here too.I am ok
as long as I don't open any of them right?
                    puter stupid here,
                                           Billy

Title: Re: Danger! Danger Will Robinson!
Post by Ted on Aug 20th, 2003, 3:06pm
Hopefully as long as you don't d/l the files. I opened the mail but not the files because it seems AOL stripped the mail of the files before they got here.

Title: Re: Danger! Danger Will Robinson!
Post by Peppermint on Aug 20th, 2003, 3:07pm
FYi:
I received about 6 of those types of emails in the past hour. Not from ch.com, but to my yahoo address which is the one I use on this website.

Ted - Cat has a different email addy now.  I believe that one is now defunct.

Title: Re: Danger! Danger Will Robinson!
Post by Ted on Aug 20th, 2003, 3:15pm
That's weird because that's the one it came from. But it would explain the returned mail (I just hit "reply" when trying to mail her). Just not the initial one. Thanks for the fill-in though.

Title: Re: Danger! Danger Will Robinson!
Post by suzy617 on Aug 20th, 2003, 3:20pm
Yes I just got about 6 of them also which all said please see attached but there was nothing to download. I guess your right Ted that AOL took care of it.

Make sure you all are using protection...   ;)

Suzy

Title: Re: Danger! Danger Will Robinson!
Post by Leesa on Aug 20th, 2003, 4:15pm
Got one here to day and Norton got it for me! NANANANA :P When will they ever learn that some of us like me scan things before we open thme DUHHHHHH! Got 3 more just yes. from lord only knows who! If I dont know ya I delete ya!!  LOL  Ted thanks for the info and keep it coming so we stay safe out here in Clusterville.
Leesa that scans EVERYTHING so I don't get a  "bug" in, on,  or near  my puter.


PS: sometimes it's good to be smartass  ;D  Dave has taught me well.

Title: Re: Danger! Danger Will Robinson!
Post by DouglasL on Aug 20th, 2003, 4:44pm
I have you all beat!!!

I’m in reservations at a hotel here in the French Quarter.

My Outlook is set to retrieve messages every 60seconds.
I have been averaging 5 every 60 seconds making me delete over 300 of those things every hour.

DougL

Title: Re: Danger! Danger Will Robinson!
Post by Drk^Angel on Aug 20th, 2003, 4:49pm
Ted... The worm is prolly using a false reply to or sent by line in the header.  Most of 'em do nowadays... Prolly someone else on the board, with both you and cat's e-mail addresses in their address book got hit.  It grabbed her's for the from, and your's for the to.

PFDAN............................... Drk^Angel

Title: Re: Danger! Danger Will Robinson!
Post by Bob P on Aug 20th, 2003, 5:19pm
Drk is right.  The worm not only sends itself to address' it gets from an infected computer's address book but it also takes a name from the address book and sticks it in the "From" box of the e-mail.  The from address that is on the e-mail when you receive it doesn't mean that's where it came from.

Title: Re: Danger! Danger Will Robinson!
Post by catlind on Aug 20th, 2003, 5:27pm
Hiya Ted,

Sorry about that, I thought I had you on my email list of sending out to for the new emails.  My new email is catlind@cox.net.  The twcny.rr.com addy is disabled now.

Road runner has a virus scan built in to their server as well.

Sorry it took so long to read this hehe.  I'm slackin!

Never worry about posting regarding a virus on board.  If I've got one then everyone needs to know.

I will do a scan just to be sure :)

Cat

Title: Re: Danger! Danger Will Robinson!
Post by Melissa on Aug 20th, 2003, 5:45pm
my ISP quarentines all bugs, worms, etc., never gets to me mailbox! ;D

THX for the heads up Ted :)

Title: Re: Danger! Danger Will Robinson!
Post by Charlie on Aug 20th, 2003, 8:58pm
Thanks Ted and Svenn as well. He got me to look at this thing. It's a nasty bastard.

I've probably gotten half a dozen of these things too. I'm so afraid of stuff that I scan iffy email before opening it.  It doesn't take me long.

Charlie

Title: Re: Danger! Danger Will Robinson!
Post by cootie on Aug 20th, 2003, 9:55pm
I also got several of the 'than you' and 'wicked screensaver' emails but nothing there....my server automatically scans fer virus's so I guess it removed the harmful pieces parts ? So guess my pieces parts are safe Pam  :-/

Title: Re: Danger! Danger Will Robinson!
Post by Hooter on Aug 20th, 2003, 10:12pm
This looks a lot like an epidemic to me, I got one too,

Norton blocked it but it was the Sobig virus and the attachment was 'Thank You'. It came from someone called ND Cerberus, who I do not know, not surprisingly since that is the Hound from Hell!


This is the most widespread trouble I've ever seen



Wendy

Title: Re: Danger! Danger Will Robinson!
Post by jimbo on Aug 20th, 2003, 10:23pm
Does this mean my dick isn't gonna get bigger? Damn!
Lying spamin bastards! ;LMMFAO

Seeya,

jimbo



Clusterheadaches.com Message Board » Powered by YaBB 1 Gold - SP 1.3.1!
YaBB © 2000-2003. All Rights Reserved.