OT: But Board Related - Everyone Please Help - Virus: SoBigF
- mvhplank
- Posts: 1061
- Joined: Tue Jan 08, 2002 6:00 pm
- Location: Gettysburg
Hi Lee,
I don't think I can blame the chiffboard, but some members with your e-mail may indeed have been lax about the anti-virus upgrades. I have one e-mail address listed here (mplank at ladyofthecreek dot com), and it's not the one that's been bombarded. My "home" address (mvhplank at something dot something) had been getting maybe 200 infected e-mails a day. However, none of them have actually made it to my computer. Here's why:
1. I screen my mail directly from the server via Webmail. Your ISP may or may not offer that option, but it's a handy way to check up on one e-mail account from a different computer or while on vacation.
2. My Eudora is set to stop downloading anything over 50k. That's mostly because I have a dial-up and don't want to sit through a lengthy download of something that I may not want. I can override it for files or senders I recognize. Since the Sobig is routinely over 100k, it's never made it to my home computer.
Finally, I contacted the support at my ISP and begged them to find a filter or something to free up my in-box. They located the server responsible for most of the messages and "blocked" it. So sorry, pal, if it's your computer that's inundating me, I can't get legitimate messages from you any more either.
Computer Associates offers an inexpensive anti-virus with a small footprint. It's only about $25 for the original and $10 for the annual upgrades. You can download updated virus signatures at any time you're under license. It didn't take forever to download and rooted out some Klez viruses in my trash can that were waiting to be launched. (http://www.cai.com)
Stay strong
M
Marguerite
Gettysburg
- Chuck_Clark
- Posts: 2213
- Joined: Tue Jun 26, 2001 6:00 pm
- Location: Illinois, last time I looked
mvhplank wrote: Computer Associates offers an inexpensive anti-virus with a small footprint. It's only about $25 for the original and $10 for the annual upgrades. You can download updated virus signatures at any time you're under license. It didn't take forever to download and rooted out some Klez viruses in my trash can that were waiting to be launched. (http://www.cai.com)
With all due respect, this doesn't really do much good. An annual update isn't enough when new viruses come out daily. Unless you meant that the annual fee is a subscription renewal, in which case I withdraw my comments.
- IDAwHOa
- Posts: 3069
- Joined: Fri Jul 11, 2003 9:04 am
- Tell us something.: I play whistles. I sell whistles. This seems just a BIT excessive to the cause. A sentence or two is WAY less than 100 characters.
mvhplank wrote: You can download updated virus signatures at any time you're under license. (http://www.cai.com)
Chuck_Clark wrote: Unless you meant that the annual fee is a subscription renewal, in which case I withdraw my comments.
A little buried, but I am guessing that is what was meant by downloading at any time.
Steven - IDAwHOa - Wood Rocks
"If you keep asking questions.... You keep getting answers." - Miss Frizzle - The Magic School Bus
- LeeMarsh
- Posts: 1284
- Joined: Sun Jun 10, 2001 6:00 pm
- Location: Odenton, MD (Wash-Baltimore Area)
M,
I have anti-virus, (I run Norton at work and home), and screen my mailbox via web mail. I've now rec'd over 500 of these little buggers, that I've deleted. The virus expires in 2 weeks. In those messages, I did notice a couple of recognizable emails from folk on this board. The fact that it's my new email address that was just updated to this board last month, inclines me to believe it is someone active on the board that had me in their contact list. I have never been infected. But I think someone who is active has been infected and gave up a number of our addresses. Unfortunately my ISP is very limited, also very cheeeaaaap for broadband.
Again my real concern is for whoever is infected. There's some encrypted nasties in this virus that indicate that the person could have real problems if they don't deal with it now. That's why I'm hoping this message gets out to some of the newbies to PC's and they run the little free fix to assure they don't lose everything. I suspect it may be a computer user who is not a techie that's infected.
Well enough of my Computer Help Desk Analyst persona, I have to do that all day at work. Now back to the important things...
Enjoy Your Music,
Lee Marsh
From Odenton, MD.
- Easily_Deluded_Fool
- Posts: 485
- Joined: Sat Mar 02, 2002 6:00 pm
- Location: The space between thoughts.
I have just had seven of these virus infected emails.
All sent to the email address given here, all caught by NortonAV.
3 from names of this forum.
Somebody who knows us definitely has the virus, which uses names in their address book to send us the virus, so it appears to be from ... whoever.
If you are running XP, disable the Restore function before removal, otherwise the virus may be restored after you've cleaned your machine.
'Tis an easy fix, pop off to symantec.com and click on the fix link.
We won't tell anybody. Honest
No whistles were harmed in the transmission of this communication.
- Ridseard
- Posts: 1095
- Joined: Fri Jun 07, 2002 6:00 pm
Easily_Deluded_Fool wrote: I have just had seven of these virus infected emails.
All sent to the email address given here, all caught by NortonAV.
3 from names of this forum.
I've gotten a ton of email from recipients who say that I sent them email containing the virus. It ain't me, though. I'm clean, according to the latest Norton updates, and my Eudora address book is empty/unused. (I never even installed Outlook Express.) I'm beginning to get more than a little pissed off. Hope nobody is doing this on purpose.
- Chuck_Clark
- Posts: 2213
- Joined: Tue Jun 26, 2001 6:00 pm
- Location: Illinois, last time I looked
Easily_Deluded_Fool wrote: I have just had seven of these virus infected emails.
All sent to the email address given here, all caught by NortonAV.
3 from names of this forum.
Ridseard wrote: I've gotten a ton of email from recipients who say that I sent them email containing the virus. It ain't me, though. I'm clean, according to the latest Norton updates, and my Eudora address book is empty/unused. (I never even installed Outlook Express.) I'm beginning to get more than a little pissed off. Hope nobody is doing this on purpose.
I can say with assurance that my PC is clean as well. McAfee has caught every infection attempt and I never open unexpected attachments, even from close friends or relatives, without first contacting them to ask if they sent it and what it is. In addition, I've always hated address books and never use them. Especially in GatesWorld, they seem to be a primary point of concern vis-a-vis viruses, so IMO their purported utility falls far short of their degree of risk.
- lixnaw
- Posts: 1637
- Joined: Fri Jul 12, 2002 6:00 pm
- Location: Isle of Geese
madguy wrote: I still don't understand what satisfaction these computer geeks with no lives other than a computer get from screwing with other peoples' machines. If someone can explain it to me, educate me, please!!!
~Larry
you could be a very good detective on these matters larry,
questioning those virus freaks
-
- Posts: 10
- Joined: Thu Aug 14, 2003 9:26 am
- Location: Vista, CA (San Diego County)
SoBig and other virii
As an IT professional, I deal with this stuff constantly - unfortunately not with quite the education and knowledge I would like to have.
The SoBig will harvest e-mail messages from your computer and send itself to them with a randomly chosen other identity. If not now, then someday a virus will be able to send itself "from" a name it harvested in an earlier infection.
One of the biggest problems is that anti-virus software can only recognize a REPORTED virus. That means someone will get a virus before any anti-virus company can recognize or fix it. Anti-virus software can also catch an unknown virus in two other ways: it is similar to an existing virus OR it has basic structure that is suspicious. AV software will recognize legitimate MS Word, Excel, or Adobe Acrobat patterns and can possibly sniff out the bad stuff ahead of time. Neat feature, but not something to count on.
Best policies: If you run e-mail software on your PC (as opposed to accessing through a web-browser as is done with Hotmail, AOL and Yahoo), make sure you have no Preview Pane operating. Some evil bits can be triggered just by the preview pane.
Another note: there is a thing I call the "idiot virus". This is a plain message (your computer won't be harmed by you opening and reading it), that instructs you to do something like find and delete a file (with kindly instructions on how to do these things). There are also scares and scams that work in similar ways. Before you take any such thing seriously, check a reputable AV software company's web-site. They have more than just a virus list, they have hoaxes and scams as well.
Here is a web-site that will let you look up key words:
http://www.symantec.com/search/
(I don't know how to paste an active link so you may have to copy and paste in your browser's Address line.)
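Added example, not written by any poster in this thread: a Python version of the mail-screening habits described in the posts above (the 50k download cap with an override for recognized senders, and checking with the sender before opening an attachment). The function name `triage`, the decision labels, the addresses and the sample messages are constructed for illustration. Because the From line can carry a harvested address, a recognized sender here only lifts the size cap and never skips the confirmation step.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

SIZE_CAP = 50 * 1024                      # the 50k limit from the Eudora setting
KNOWN_SENDERS = {"friend@example.org"}    # constructed allowlist


def triage(raw, known_senders=KNOWN_SENDERS, size_cap=SIZE_CAP):
    """Decide what to do with one raw message still sitting on the server.

    Returns 'download', 'skip' or 'confirm-first'.
    """
    msg = message_from_bytes(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    has_attachment = any(part.get_filename() for part in msg.walk())
    oversize = len(raw) > size_cap

    # Over the cap and nobody we recognize: leave it on the server.
    if oversize and sender not in known_senders:
        return "skip"
    # From is only text chosen by the sending program, so a familiar name
    # lifts the size cap but an attachment still needs a check with the
    # person by another channel before it is opened.
    if has_attachment:
        return "confirm-first"
    return "download"


def build(sender, subject, body, attachment_size=0):
    """Build a constructed test message as raw bytes."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "me@example.org"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_size:
        m.add_attachment(b"\x00" * attachment_size, maintype="application",
                         subtype="octet-stream", filename="details.bin")
    return m.as_bytes()


if __name__ == "__main__":
    mailbox = [  # constructed sample inbox
        build("Friend <friend@example.org>", "Session on Friday", "See you there."),
        build("stranger@example.net", "Re: Details", "See attached.", 100 * 1024),
        build("Friend <friend@example.org>", "Re: Details", "See attached.", 100 * 1024),
        build("stranger@example.net", "Re: Details", "See attached.", 2048),
    ]
    for raw in mailbox:
        print(len(raw), triage(raw))
```

The third message is the case several posters describe: a large attachment that claims to come from someone on the board, which is held for confirmation rather than trusted.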
-
- Posts: 82
- Joined: Mon Oct 28, 2002 6:00 pm
- Location: Seattle
Whew. When this thing broke out, the MS hotlines backed up as much as 4 hours, and they were asking everyone in the windows group to help staff the hotlines. What a mess. Just FYI, even without buying anti-virus software, there's a few things you guys can do to minimize the likelihood of having virus problems. If you have WinXP, there's a built in firewall, but it's not on by default. Check out this website for how to use it, etc.
http://www.microsoft.com/protect
Oh, and with this virus, it doesn't really matter if you're running pine for email... if you open the attachment on a Windows PC, it runs its own net software to propagate. It doesn't just exploit Outlook. Pretty crazy, eh?
Seriously though, check out the link, it has some useful info. Oh, and about the hoax email... just to make it official:
http://www.microsoft.com/technet/treevi ... h_hoax.asp
Hope this helps you guys a bit.
- Ben
-
- Posts: 82
- Joined: Mon Oct 28, 2002 6:00 pm
- Location: Seattle
lixnaw wrote: i just heard on a radio that there are now programmes which make back-ups daily and automatically of your whole hard-disk. but i didn't hear any details.
so in future, we might not have to worry about viruses
Not a full backup, but check this out:
http://www.microsoft.com/windowsxp/pro/ ... estore.asp
I've never needed it myself, but some of my relatives tend to almost abuse it.
- Ben
-
- Posts: 2233
- Joined: Wed Feb 20, 2002 6:00 pm
- Location: Back home in the Green and Musty Isle, in Dublin.
-
- Posts: 10
- Joined: Thu Aug 14, 2003 9:26 am
- Location: Vista, CA (San Diego County)
A little more on virii, etc.
First a correction: I stated that SoBig harvests e-mail messages - I meant e-mail addresses. Some virii (this one might be one of them) harvest addresses, passwords, credit card numbers and more from places other than the usual storage locations. Some of these can pull a credit card number from a Word document or a database!
Also: The Microsoft link provided by Tinker is an excellent resource (I suggest bookmarking it!), however it does not mention the ones that have scary stuff like: "I just got this from a friend who said that he heard on CNN about a terrible virus. This virus is called JDBGMGR.EXE, and the icon is a teddy bear. Tell everyone you know about this, because it can make delete everything on your hard drive if you don't catch it in time." This hoax (I paraphrased a real hoax) can be found through the Symantec link. Try looking up JDBGMGR.EXE at the link I gave earlier if you want to see how their site works. Basically if a reputable anti-virus software company has nothing to report and Microsoft has nothing to report - it's probably not legitimate (how would CNN know before the anti-virus people?).
Also: In case Tinker's warning wasn't enough, don't download patches, etc. from an e-mail claiming to have Windows updates! Use only the genuine thing - the Microsoft web-site reached through normal (not e-mail) channels. If you use Apple or Linux, you probably want to know the corresponding information (THE source of legitimate software patches, updates, etc.)
P.S. Whistle on! Thank goodness you don't need a computer for that!