OT: But Board Related - Everyone Please Help - Virus: SoBigF

LeeMarsh
Posts: 1284
Joined: Sun Jun 10, 2001 6:00 pm
Location: Odenton, MD (Wash-Baltimore Area)

Post by LeeMarsh »

80% of the folks that have my new e-mail address are on this board. Someone with my address has the virus.
SoBigF (here's a CNN article for details: "SoBig.F Breaks Virus Speed Records", http://www.cnn.com/2003/TECH/internet/0 ... index.html).

I have received over 160 infected messages, each about 100k, in the last 8 hours. That's over 16meg in a 30 meg mail box. At that rate my mail box will fill up if I don't empty it twice a day. This is my private mail box and receives only 2 newsletters other than C&F; only about 10 non-C&F folks have the address. So it's likely that someone here is infected.

Also the above article estimates that about 30 percent of the folks in Britain, US, and China have been hit by this virus.

Request: Please scan your PC's for SoBigF. There are a number of sites that have free scan software and anti-virus programs. Here's one: Symantec's Find and Remove Tool (http://securityresponse.symantec.com/av ...) that I got from the other post. I'd say e-mail me if you need software to scan and fix; but ... I don't have the room in my mailbox.

Also, anyone who sends me anything between 95k-105k, I'll probably delete your message without reading it. Please resend it in smaller or larger bits if it's legitimate.

You know the real problem with this whole thing is that it takes away from my time tracking my new whistle (a Harper regular d) that UPS is "transit" ing to my house :D. I couldn't pass it up on E-bay, a Harper whistle being played by me in my home in Harper's Mill, MD...

Addendum: I just saw the other post here, "OT: Computer Virus Question" (http://chiffboard.mati.ca/viewtopic.php?t=13662). It sounds like others have encountered this little bug. I updated the above paragraph with a link to Symantec's fix.

Please help me get back to enjoying my music, and here's hoping this virus leaves you alone and lets you ...
Enjoy Your Music,
Lee Marsh
From Odenton, MD.
Chuck_Clark
Posts: 2213
Joined: Tue Jun 26, 2001 6:00 pm
Location: Illinois, last time I looked

Post by Chuck_Clark »

It may be someone on the board. I've been hit by several dozen attempts, but McAfee caught them all. 'Twas a minor inconvenience in that it really slows down e-mail DLs but otherwise was just a nuisance.
LeeMarsh
Posts: 1284
Joined: Sun Jun 10, 2001 6:00 pm
Location: Odenton, MD (Wash-Baltimore Area)

Post by LeeMarsh »

Chuck,
Yep, mine are caught because I don't use MS-Outlook, just web mail for that account. However, since my earlier post (3 hours ago) I've had to delete 40 more of the little buggers (4 meg). So I hope folks will check their PC's.
Several of the mail servers have had anti-virus upgrades to catch these things, but unfortunately not my web account.

Inconvenience and its pricklies are about to be soothed by a little time spent elsewhere, to the place my music will take me while I spend a little time with it.
Enjoy Your Music,
Lee Marsh
From Odenton, MD.
Parcour25
Posts: 194
Joined: Fri Jul 04, 2003 12:15 am
Location: Denver

Post by Parcour25 »

I've been reading about this virus Lee. It has messed up some systems real badly. I'm on AOL for five months now. I have not seen the first email with attachments for the entire time. In the past, for years, I was on AT&T Broadband (now Comcast). That system allowed everything through but the kitchen sink. One virus did get downloaded back then before I got McAfee and I had to have my drive reformatted. Lost everything! Stay vigilant.
Tryst me. I am, yours truly......

Parcour v. D'Chasse, Esq.
_________________

Save the trees,..... not the Bush....
Cayden

Post by Cayden »

I just received the virus from LOREN's :-? old e-mail address so it must find us by way of this board.

On the positive side I have been using a program called mailwasher [www.mailwasher.net] which enables you to see what messages are on the server before you download them and then delete and bounce them as you see fit so you only download the ones you want. Works for me. Just bounced 65 messages I didn't want.
Roger O'Keeffe
Posts: 2233
Joined: Wed Feb 20, 2002 6:00 pm
Location: Back home in the Green and Musty Isle, in Dublin.

Post by Roger O'Keeffe »

I've tried using mailwasher and had all sorts of problems - mainly non-authentication by my ISP's mailserver, but I've also managed to lose a few genuine messages somewhere in the transition from it to Outlook.

However, last night I was having so many problems downloading 162 (!) e-mails that I tried it in desperation and it worked OK. About a third of the messages were evidently virus-generated or infected, and the rest were spam. So I tried it again this evening, and it was back to the old problem of non-authentication. However, I noticed one message from MS with "re your software" in the subject line. Am I right in guessing that this is probably another virus job?

I followed advice and tried to log on to MS for whatever updates are required to deal with the latest problems, but can't download anything, the machine just times out after a long period of inactivity. Any advice?
An Pluiméir Ceolmhar
avanutria
Posts: 4749
Joined: Wed Aug 15, 2001 6:00 pm
Location: Eugene, OR

Post by avanutria »

re your software is a spam, I can almost guarantee it. MS won't notify you like that.

Never follow any directions that you get in an email, either, as they are more than likely trying to trick you into downloading a virus.
lixnaw
Posts: 1636
Joined: Fri Jul 12, 2002 6:00 pm
Location: Isle of Geese

Post by lixnaw »

maybe it's best to install a second, removable hard disk, with your precious storings on it.
this is quicker than putting it all on cd.

i just use a norton anti-virus, but i don't think any anti-virus is 100% reliable.
IDAwHOa
Posts: 3069
Joined: Fri Jul 11, 2003 9:04 am

Post by IDAwHOa »

I have actually received one of the virus files with the email address of:

webmaster@mati.ca

That should be quite familiar to all. I certainly do not hope the server is the one sending out all these emails. I have to check my email 2-3 times a day to keep it from overflowing beyond the space limits allowed by Yahoo. The odd thing is it is only my norcalmusician email that is getting hit. Most of these files are being sent to my "Bulk" mail folder, I wonder if there is any way to have them deleted immediately?
Steven - IDAwHOa - Wood Rocks

"If you keep asking questions.... You keep getting answers." - Miss Frizzle - The Magic School Bus
Chuck_Clark
Posts: 2213
Joined: Tue Jun 26, 2001 6:00 pm
Location: Illinois, last time I looked

Post by Chuck_Clark »

lixnaw wrote:i just use a norton anti-virus, but i don't think any anti-virus is 100% reliable.
Not 100%, perhaps but very close. The trick is to pay for a subscription to a good one such as Norton or McAfee and update it when they advise. That way, the only way you might get hit is if you pick up a brand new one before they get the upgrade out. You want to pay though, simply because it is economically impossible for any free AV to keep up with new nasties. These things are constantly emerging - I've literally seen McAfee put out three upgrades in a day - and I remember from the past that Symantec (Norton) was the same way. I will tell you this - in seven years of subscribing to McAfee, both at home and to the corporate version in my past life, I have NEVER seen a successful attack on a McAfee-protected computer.

But it should be reiterated here that NO AV should be relied on religiously without sensible precaution on the user's part. Never open an unsolicited attachment, even when you know the purported sender. If you get something that you weren't expecting from a friend, the few hours needed to e-mail them and ask if it's valid and what it is are not worth the risk of killing your PC.

Simply not opening the attachment would have pulled most of SoBig's fangs.
sturob
Posts: 1765
Joined: Fri Apr 19, 2002 6:00 pm
Location: Houston, TX

Post by sturob »

Something really frustrating is the fact that the virus seems to be looking through people's mailboxes and sends email "from" the addresses it finds. I've gotten a ton of mail "bounced" back to me for having the virus attached. . . and the mail was sent from Outlook Express.

I've got a Mac, and no Outlook. I've scanned my computer with the latest Norton update, and no virus. But I guess other people still have it.

Blech!

This one's particularly bad; I don't remember ever getting so much spam from a virus.

Stuart
IDAwHOa
Posts: 3069
Joined: Fri Jul 11, 2003 9:04 am

Post by IDAwHOa »

sturob wrote:Something really frustrating is the fact that the virus seems to be looking through people's mailboxes and sends email "from" the addresses it finds. I've gotten a ton of mail "bounced" back to me for having the virus attached. . . and the mail was sent from Outlook Express.
Stuart
The question I have is:

Why am I getting the bounce messages even though I have NEVER opened one of the .pif files and my computers at home and at work are protected and check clean? Is it the infected computer(s) not only sending the files to me, but sending them in my behalf from the infected computer as well?

Another question I have is who was it, here I presume, that got it and are they still not aware that they are infected? Or does this thing have a life of its own?
Steven - IDAwHOa - Wood Rocks

"If you keep asking questions.... You keep getting answers." - Miss Frizzle - The Magic School Bus
Daniel_Bingamon
Posts: 2227
Joined: Wed Jun 27, 2001 6:00 pm
Location: Kings Mills, OH

Post by Daniel_Bingamon »

I've received a number of emails that appear to be the virus. Fortunately I don't use Outlook and I run Windows 98SE not XP.
I've used the Eudora Email program and grisoft.com's AVG Anti-Virus; the two work well together with very little investment.
Steven
Posts: 727
Joined: Thu Oct 03, 2002 6:00 pm
Location: Philly area

Post by Steven »

NorCalMusician wrote:Why am I getting the bounce messages even though I have NEVER opened one of the .pif files and my computers at home and at work are protected and check clean? Is it the infected computer(s) not only sending the files to me, but sending them in my behalf from the infected computer as well?

Another question I have is who was it, here I presume, that got it and are they still not aware that they are infected? Or does this thing have a life of its own?
The reason you are getting messages bounced back to you about the virus even though you never sent it out is because of how the virus works. When it does get into someone's computer, it sends itself to everybody in that person's Contacts list. However, it picks one of those names at random and substitutes that into the "From" field of the messages it sends out. That way, nobody can track who they got it from, so you can't find out who started the thing in the first place.

I've been getting lots of copies of the virus in my inbox (easy to delete without opening), plus even more bounced messages coming back to me saying that I sent the virus, even though I didn't. Luckily, however, despite all the people who were foolish enough to open the attachment and get infected, the virus is programmed to self-destruct in a couple of weeks (Sept. 10, I believe), so at least it won't go on beyond then.

:roll:
Steven
Chuck_Clark
Posts: 2213
Joined: Tue Jun 26, 2001 6:00 pm
Location: Illinois, last time I looked

Post by Chuck_Clark »

NorCalMusician wrote:
sturob wrote:Something really frustrating is the fact that the virus seems to be looking through people's mailboxes and sends email "from" the addresses it finds. I've gotten a ton of mail "bounced" back to me for having the virus attached. . . and the mail was sent from Outlook Express.
Stuart
The question I have is:

Why am I getting the bounce messages even though I have NEVER opened one of the .pif files and my computers at home and at work are protected and check clean? Is it the infected computer(s) not only sending the files to me, but sending them in my behalf from the infected computer as well?

Another question I have is who was it, here I presume, that got it and are they still not aware that they are infected? Or does this thing have a life of its own?
The answer is that some of the nastier viruses not only use an infected host computer to shotgun messages with copies of themselves out, but they try to spoof the protective systems by faking their origin to look like they came from someone else. That makes it harder to track them back to the big nasty.

It works like this. Your grandma gets an infected e-mail saying it's from Aunt Hetty and has pictures of the kids. Granny, being neither computer-sophisticated nor sufficiently paranoid, opens the nasty and her PC gets the bug. The bug then reads Granny's address list and sends copies of itself to everyone on the list. To make it even nastier, it doesn't tell the new round of victims it's from Granny, but instead says it's from one of the other addresses in the address book - yours. The message is caught by the mailer daemon at a savvy ISP and bounced. But since it's purportedly from you and not Granny, YOU get the bounce message.

Buy a good antivirus, trust your antivirus and don't open stuff unless you're dead sure they're safe and you'll be OK.
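
Added example (not part of the thread, and not any poster's code): the forged-"From" bounce described in the posts above can be checked from the bounce itself, by reading the copy of the rejected mail it carries and comparing the host that actually connected with your own provider's outbound relay. The hosts, addresses, file name and the `my_outbound_ips` set below are constructed placeholders.

```python
import email, re
from email import policy
from email.message import EmailMessage

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def build_sample_bounce():
    """Constructed bounce; every host, address and file name here is made up."""
    orig = EmailMessage()
    orig["Received"] = ("from grannys-pc (dialup.otherisp.example [203.0.113.42]) "
                        "by mx.isp.example; Thu, 21 Aug 2003 10:00:00 -0400")
    orig["From"] = "you@home.example"          # forged sender, as in the thread
    orig["To"] = "victim@isp.example"
    orig["Subject"] = "Re: Details"
    orig.set_content("See the attached file for details")
    orig.add_attachment(b"MZ", maintype="application",
                        subtype="octet-stream", filename="details.pif")
    bounce = EmailMessage()
    bounce["From"] = "MAILER-DAEMON@isp.example"
    bounce["To"] = "you@home.example"
    bounce["Subject"] = "Undelivered mail: virus found"
    bounce.set_content("Your message was rejected because it carried a virus.")
    bounce.add_attachment(orig)                # embedded as message/rfc822
    return bounce.as_bytes()

def analyse_bounce(raw, my_outbound_ips):
    """Return (origin_ip, sent_by_me, pif_attachments) for the bounced mail."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() != "message/rfc822":
            continue
        inner = part.get_payload(0)            # the message that was bounced
        # The topmost Received line was written by the server that rejected
        # the mail, so its bracketed IP is the host that really connected.
        received = inner.get_all("Received", [])
        m = IP_RE.search(str(received[0])) if received else None
        origin = m.group(1) if m else None
        names = [p.get_filename() for p in inner.walk() if p.get_filename()]
        pifs = [n for n in names if n.lower().endswith(".pif")]
        return origin, origin in my_outbound_ips, pifs
    return None, False, []

if __name__ == "__main__":
    # 198.51.100.25 stands in for your own provider's outbound mail relay.
    print(analyse_bounce(build_sample_bounce(), {"198.51.100.25"}))
```

Only the topmost `Received` line is used because anything below it was supplied by the sending host and can be forged along with the "From" field.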