ECN Forum
Posted By: Bill Addiss * * * Bad Virus Day * * * - 08/19/03 04:21 PM
Today is the worst I've seen yet for getting Viruses in my Email. I got over 125 before 12 Noon. What the #$%&^$ is going on?

Be very careful about opening any attachments. I don't know what kind of virus it is but they have file names ending in .pif and .scr. Subjects are varied:

Your_Details
My_Details
Details
Wicked Screensaver
Approved
Your Application
Thank You!
Re: Thank You!
That Movie
and other variations with RE: and Re:Re: before the words.

Update your Virus Protection and keep it active!

Bill
Posted By: C-H Re: * * * Bad Virus Day * * * - 08/19/03 04:58 PM
Probably Sobig.F

It's the fastest spreading virus ever. Discovered today.
Posted By: Bill Addiss Re: * * * Bad Virus Day * * * - 08/19/03 05:49 PM
C-H

Any info available on that yet?

I scanned the directory where these files were and they were not recognized by McAfee Viruscan with an Update issued 8/18 (1 day old).

I found an article on the W32/Sobig.e@MM virus which seems like it will really cause problems.

Our Mail Server has been down (I haven't been able to get emails) for almost 2 hours right now.

Bill
Posted By: C-H Re: * * * Bad Virus Day * * * - 08/19/03 06:34 PM
Here are more details:

http://www.europe.f-secure.com/v-descs/sobig_f.shtml

It's just an e-mail virus, but it's good at spreading.
Posted By: Big A Re: * * * Bad Virus Day * * * - 08/19/03 06:50 PM
Speaking of viruses, did anyone have a problem with wormblaster? I was just fine until I went to Microsoft's web site to download the "patch" and then my computer crashed. It's all better now but it leaves one to wonder...
Posted By: Bill Addiss Re: * * * Bad Virus Day * * * - 08/19/03 06:55 PM
Quote
It's just an e-mail virus, but it's good at spreading.
C-H,

From the article at the link I posted and some others I've since found it doesn't seem to be a typical email virus. I don't understand it all, but don't like hearing it is 'auto updating' or the idea of it opening ports creating a BackDoor to the infected computer and awaiting instructions.

Bill
Posted By: ThinkGood Re: * * * Bad Virus Day * * * - 08/19/03 07:01 PM
I would like to add that some computers are configured such that the infected file appears to be innocent. (The file extension--such as .pif, .exe, etc.--does not show.)

Fortunately, I use a service that allows for automatic blocking of potentially dangerous attachments. Unless you are specifically expecting a file with the following extensions, there is good reason to be cautious:

exe, bat, scr, com, pif, chm, cpl, hta, ins, isp, ise, js, mda, mdb, mde, ade, adp, mdz, msc, prf, dbx, nch, reg, inf, vb, vbs, bas, msp, wsh

An attachment with the .pif, vbs or vb extension is almost certainly something malicious.
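
The extension blocking described in the post above, as an added example that is not part of the original thread: it parses a mail message, checks each attachment name against the extension list quoted in that post, and also flags a blocked extension hidden behind a harmless-looking one, which goes beyond what the post states. The `DECOY` set, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list quoted from the post above.
BLOCKED = set("""exe bat scr com pif chm cpl hta ins isp ise js mda mdb mde
ade adp mdz msc prf dbx nch reg inf vb vbs bas msp wsh""".split())

# Assumption: extensions a reader would take for a harmless document or picture.
DECOY = {"txt", "doc", "jpg", "gif", "pdf", "zip", "htm", "html"}


def classify(filename):
    """Return a reason string if the attachment name is risky, else None."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return None
    ext = parts[-1]
    if ext not in BLOCKED:
        return None
    # With "hide known extensions" on, "photo.jpg.scr" is shown as "photo.jpg".
    if len(parts) >= 3 and parts[-2] in DECOY:
        return f"blocked extension .{ext} hidden behind .{parts[-2]}"
    return f"blocked extension .{ext}"


def risky_attachments(raw):
    """Parse a raw message and list (filename, reason) for risky attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        reason = classify(filename)
        if reason:
            findings.append((filename, reason))
    return findings


def build_sample():
    """Constructed sample message; the attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "postmaster@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Re: Your_Details"
    msg.set_content("See the attached file for details.")
    for name in ("your_details.pif", "photo.jpg.scr", "invoice.pdf"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"{filename}: {reason}")
```
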
Posted By: Bill Addiss Re: * * * Bad Virus Day * * * - 08/19/03 07:09 PM
BTW,

(for McAfee users)
McAfee has issued a new Dat (virus data update) today for detecting this bug. I could not update using the controls in my Viruscan control panel, but it was available for download at the website.
http://www.networkassociates.com/us/downloads/updates/dat.asp
Posted By: Trumpy Re: * * * Bad Virus Day * * * - 08/19/03 08:43 PM
Bill,
Quote
Today is the worst I've seen yet for getting Viruses in my Email. I got over 125 before 12 Noon. What the #$%&^$ is going on?
I would be inclined to ask that same question, too, 125 viruses, is bordering on the para-normal.
This sort of behaviour (sending viruses) is clearly unfair to the average computer user and it deserves to be punished with the full extent of the Law!, the problem being actually catching the culprits.
I haven't noticed any response from any Law enforcement agencies, anywhere with regard to what is actually being done about these idiots.
Just seems to me, that a few amongst the world population have so much time on their hands and so little brains!
Posted By: Bill Addiss Re: * * * Bad Virus Day * * * - 08/19/03 09:29 PM
Trumpy,

That 125 was only the tip of the iceberg I'm afraid. Apparently they came in so fast that it totally bogged down our Mail Server earlier. I feel like I've wasted a whole day with this $#%@&* already..

Posted By: pauluk Re: * * * Bad Virus Day * * * - 08/19/03 09:58 PM
I thought it was just me this morning. I've only been receiving a couple of junk e-mails a day the last few weeks, but this morning I must have deleted a dozen or more, and I've just got in tonight and wiped out another nine.

They carry the same subjects listed by Bill, in slight variations. Several have the "from" field as postmaster@ some site. I also have several messages with attachments, supposedly from MAILER-DAEMON@ some ISP, and a subject of "Failure notice," "Returned mail," or something similar.
Posted By: circuit man Re: * * * Bad Virus Day * * * - 08/19/03 11:11 PM
Hi all, I thought I was alone on this virus. Completely filled up my email box, but not my primary email. pauluk, the daemon @ some ISP could be WebTV that I'm on. It can't infect it, but seems to send itself from the location it was sent without users knowing it. They should do what they say in "Beer for My Horses" (country tune): "round up all of them bad boys & sit them down before their maker." Like someone said, "very little brains & nothing better to do than cause trouble." im [Linked Image]
Posted By: maintenanceguy Re: * * * Bad Virus Day * * * - 08/20/03 12:16 AM
I've wondered if the virus-scan software companies create these things. They are sure big money makers for McAfee and Norton.
Posted By: macwire Re: * * * Bad Virus Day * * * - 08/20/03 12:41 AM
Quote
I was just fine until I went to Microsoft's web site to download the "patch" and then my computer crashed. It's all better now but it leaves one to wonder...

Sometimes a patch or service pack from Microsoft can make things worse. They can break things on your Windows install, like devices attached to your machine, or cause some programs or the whole system to crash.

Of course, if you don't install the patch, then you've got the likes of Wormblaster and hackers looking to take advantage of security holes on your system. Darned if you do and darned if you don't.

MacWire
Posted By: caselec Re: * * * Bad Virus Day * * * - 08/20/03 01:58 AM
Bill

I received over 60 of these at my Yahoo address and many of them were addressed to look like they came from members of the Mike Holt site. Several of them were from Don's address, a couple from Wayne's and I don't remember who else's right now. All of them had the sender's IP of 65.241.212.227. I also received a couple of sent mail returned messages saying that messages I had sent were undeliverable. The problem I have with that is I don't use this Yahoo web email account to send mail. I only use it when I have to register for sites and don't want to use my primary email address.

Curt
Posted By: Bill Addiss Re: * * * Bad Virus Day * * * - 08/20/03 03:48 AM
Well, I'm at about 1,000 for the day (18hrs) between viruses and false notifications of emails I supposedly sent. Addresses like Photos@, Afilliate@, Info@ etc. are not 'legitimate' email boxes in that they can't ever send mail, the system won't let it. (They can only receive it.)

I think it's been decided to just reject any email with an attachment of .scr or .pif from now on as it doesn't seem to be slowing down any.

Curt,

I've got the same complaint. These things root through an infected computer and send emails to addresses they find and make them appear to be from another address that they find. It fools a lot of people. I've gotten some very angry emails from some people that thought I sent them a virus. But I had nothing to do with it.

Bill

[This message has been edited by Bill Addiss (edited 08-19-2003).]
Posted By: pauluk Re: * * * Bad Virus Day * * * - 08/20/03 12:01 PM
One problem is that the FROM field in an e-mail can contain whatever the sender cares to place in it. There's no check, the field just gets passed through the system intact.

I had several "Failed delivery" type messages in my box late last night, which aroused my suspicions immediately. The only e-mail I sent yesterday was to Bill, and I know he received it correctly.

P.S. Checked my e-mail only two minutes ago, but two more messages arrived while I was typing this post. One is "returned mail" from some MAILER-DAEMON again, the other from a cryptic address NAVMSE-LZNTSRV1 something or other, telling me that Norton Anti-Virus has detected a virus in an e-mail I just sent. Yeah, right.


[This message has been edited by pauluk (edited 08-20-2003).]
Posted By: condenseddave Re: * * * Bad Virus Day * * * - 08/20/03 03:06 PM
I dumped Norton on this box, and bought the Panda Antivirus Platinum 7.

This dang thing updates itself daily, and is catching around a dozen new virus/worm signatures every time it updates.

I have McAfee on the other boxes and it seems to let some things slide by and only catches the virus after there is a problem.

I'm using the Panda firewall, but haven't been overly impressed with THAT, and am gonna put ZoneAlarm Pro back in.

This has been a bad summer for viruses and hackers, et al.
Posted By: SvenNYC Re: * * * Bad Virus Day * * * - 08/20/03 04:25 PM
Bill,

Ughh...tell me about it. I just got through deleting 96 (that's right, NINETY SIX) of these things with those exact topics (I think one or two were from people I recognized).

Didn't even bother opening them -- just hit the "D" key on my console and held it down all the way.

The messages for Viagra and "enhancers" were also decimated in the conflagration.
Posted By: Spark Master Flash Re: * * * Bad Virus Day * * * - 08/20/03 09:59 PM
I woke up to 61 e-mails.

Maybe we, as a group, should track down the individuals responsible for everything from Viagra and enlargement e-mails to viruses and put them through a battery of electrical experiments, such as resistance testing through human tissue. There are many unanswered questions about resistance - questions which could be answered with extended testing. Volunteers such as these e-mail senders and virus distributors are crucial to the advancement of society through testing on their bodies.
Posted By: Bill Addiss Re: * * * Bad Virus Day * * * - 08/21/03 01:38 AM
Today I identified one mail server that had sent me over 1100 emails in the last 36 hrs. I wrote to them telling them they had a problem and they gave me another address to write to (sounded like a 'not my job' response). So I just had them blocked period.

I think these little ISPs have a responsibility to not let crap like this virus (and spam) pass through them. They have the ability to stop a lot of this stuff.

Bill
Posted By: Bill Addiss Re: * * * Bad Virus Day * * * - 08/21/03 02:46 PM
I want to keep this near the top so everyone sees it. Even with blocking a multitude of Mail Servers I got 1500 virus emails in the last 12 hrs.

Everyone: Please make sure that your system is clean. Don't click on anything that comes in an email unless you know exactly what it is. Be aware that you can't really trust that it's from the address it says it's from either.

If you don't know how to update your virus software, or scan your system you can post a question here and I'm confident that someone will try to help you.

Bill
Posted By: dougwells Re: * * * Bad Virus Day * * * - 08/21/03 03:40 PM
I am using Ontrack's Systems Suite and it has identified viruses before they were listed on the Symantec search site; one example was the Randex virus. I don't know how the boy gets these viruses but I sure like the Ontrack virus software. I think it is powered by Trend Micro.
Posted By: iwire Re: * * * Bad Virus Day * * * - 08/22/03 06:21 PM
I have been experiencing dropped connections (dial up) and slow service or "server not found" for a few days now and it seems my ISP is having difficulty dealing with these viruses too. Here is an email I just got from them.

Quote
Good day,
The plague of viruses and worms on the Internet has accelerated during the last week or so.

These worms and viruses have been propagating through (primarily) email, although 2 recent ones (Slammer and Welchia) were worms spread through PC invasion.

These links to CNN articles may help you to understand the issue:
http://www.cnn.com/2003/TECH/internet/08/22/sobig.culprit/index.html
http://www.cnn.com/2003/TECH/internet/08/21/sobig.virus/index.html
http://www.cnn.com/2003/TECH/biztech/08/22/microsoft.patch.reut/index.html

The bandwidth any ISP uses to carry customer traffic is being consumed by these worms and viruses. This will cause lost or dropped connections, slow or no connections, and aborted downloads.

In a week where we introduced a product that requires a download this has been especially troubling. While your response to NetSprinter is gratifying it is upsetting to see you experiencing difficulty, due to external issues, in readily accessing the service.

Another example of the impact of the current viruses, this one being the SoBig.F virus:
When the email server is flooded with the emails sent to us by outside accounts infected with the viruses and worms it slows down the processing of our services. The server is busily isolating the viruses and worms, and is getting hit by thousands more requests to send mail through it to our customers.

This is the source of mail delivery delay and dropped connections.

What about naisp.net?
Our servers run Linux, a non-Microsoft operating system. The servers are virus and worm-free. The messages suddenly flooding the email server are not virus-free. The messages are created in a Microsoft environment. They infect Microsoft operating systems. The virus, SoBig, in particular launches email at an astounding rate.

What can you do?
Please note that you must continue to protect yourself against viruses and worms. The protection we have using Linux does not cull out from delivery to you all possible instances of the viruses. Use common sense in dealing with attachments. We recommend using an effective anti-virus program to scan incoming email: at work, I use Norton. McAfee works well, too.

Hope that helps explain the lag!

Best regards,

Chris Mitchell

ISP/IT Manager
Posted By: Bill Addiss Re: * * * Bad Virus Day * * * - 08/22/03 06:53 PM
Bob,

When we determine that a lot of emails are coming from one place we can block that address or Mail server. Even with many servers already blocked I am averaging over 100/hr. Our mail server scans the mail and takes out the virus now, so I don't get them and they're automatically filtered by my email program (Eudora) and put in a special folder for disposal later.

Even though I don't have to wade through them like the first day I know it's still a strain on our server resources and figure it is causing some slowdowns in general.

The people that write and spread this stuff are hurting everyone.

Bill
Posted By: Trumpy Re: * * * Bad Virus Day * * * - 08/23/03 01:23 AM
Bill,
It sounds like you as a Web Administrator, have been hit especially hard by these Clowns.
The sheer number of e-mails, is mind-blowing, to say the least.
Quote
The people that write and spread this stuff are hurting everyone.
Exactly, this is why we need very explicitly written and enforced laws to clamp down on this form of crime (Which it is!), to make it clear that this sort of Anti-social behaviour will NOT be tolerated!
Imagine the average Elderly person that uses a computer to keep in touch with a distant son or daughter, how are they going to cope with a situation like this?
This problem really needs to be nipped in the bud, NOW!!
Posted By: mvrandazzo Re: * * * Bad Virus Day * * * - 08/23/03 04:47 PM
Here is another virus warning you might be interested in.
...........................
NEW VIRUS ALERT

If you receive an email entitled "Badtimes," delete it immediately. Do not open it. Apparently this one is pretty nasty.

It will not only erase everything on your hard drive, but it will also delete anything on disks within 20 feet of your computer.
It demagnetizes the stripes on ALL of your credit cards.
It reprograms your ATM access code, screws up the tracking on your VCR and uses subspace field harmonics to scratch any CD's you attempt to play.
It will re-calibrate your refrigerator's coolness settings so all your ice cream melts and your milk curdles.
It will program your phone autodial to call only your mother-in-law's number.
This virus will mix antifreeze into your fish tank.
It will replace all your Coke with Pepsi.
It will leave dirty socks on the coffee table when you are expecting company.
Its radioactive emissions will cause your toe jam and bellybutton fuzz (be honest, you have some) to migrate behind your ears.
It will replace your shampoo with Nair and your Nair with Rogaine, all while dating your current boy/girlfriend behind your back and billing their hotel rendezvous to your Visa card.
It will cause you to run with scissors and throw things in a way that is only fun until someone loses an eye.
It will give you Dutch Elm Disease and Tinea.
It will rewrite your backup files, changing all your active verbs to passive tense and incorporating undetectable misspellings which grossly change the interpretations of key sentences.
If the "Badtimes" message is opened in a Windows95 environment, it will leave the toilet seat up and leave your hair dryer plugged in dangerously close to a full bathtub.
It will not only remove the forbidden tags from your mattresses and pillows, but it will also refill your skim milk with whole milk.
It will replace all your luncheon meat with Spam.
It will molecularly rearrange your cologne or perfume, causing it to smell like dill pickles. It is insidious and subtle. It is dangerous and terrifying to behold.
It is also a rather interesting shade of mauve.
These are just a few signs of infection.
PLEASE FORWARD THIS MESSAGE TO EVERYONE YOU KNOW!!!
..........

This is a joke, of course.

Blessings. Mark
Posted By: macwire Re: * * * Bad Virus Day * * * - 08/24/03 03:54 AM
Between email viruses and spam, I wonder how long email can remain a viable method of communication.

I still remember the days (early 90s) when the only way to transmit a computer virus was to stick an infected floppy disk in a PC. Email transmission was unthinkable. And "worm" still meant a pink, wriggly creature that lived in the soil, was eaten by birds and used as fish bait.

Sometimes change is a bad, bad, BAD thing.

MacWire
Posted By: Trumpy Re: * * * Bad Virus Day * * * - 08/30/03 02:06 AM
Bill,
I read in the news that they have caught the culprit of the Blaster Worm.
Man, I hope that he goes for a SKATE and a half!.
Posted By: ElectricAL Re: * * * Bad Virus Day * * * - 08/30/03 03:17 AM
This fellow's about 6 miles west of here. Fascinating.
Posted By: Bill Addiss Re: * * * Bad Virus Day * * * - 08/30/03 03:48 AM
Trumpy,

I don't know what they could do to him, but it would be nice if more people got the idea that this sort of thing is a crime.

Given the widespread effects something like this has shouldn't he be tried in some type of International court?

Bill
Posted By: SvenNYC Re: * * * Bad Virus Day * * * - 08/30/03 04:48 AM
Bill,

I don't think the USA would give him up to an international court. Don't even think the USA recognizes it either....

[This message has been edited by SvenNYC (edited 08-30-2003).]
Posted By: Trumpy Re: * * * Bad Virus Day * * * - 08/30/03 08:08 AM
I just hope that whatever court this guy is tried in, that it is a fair trial, but also that the extent of the damage that a person like this can cause is taken into account!
I thought that the jurisdiction came from the place where the offence took place, regardless of how far flung the results were?
Posted By: pauluk Re: * * * Bad Virus Day * * * - 08/30/03 10:10 AM
I wouldn't press too hard for any sort of International Court of "Justice" trial. The ICJ is quite well-known for being rather more liberal than any American court would likely be. Besides, I don't think that constitutionally the ICJ has any jurisdiction over America whatsoever, unless Congress or the U.S. Courts agree to their decision.

Quote
Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"
The way this guy went about delivering this message was bad, but the point is well taken.
Posted By: Bill Addiss Re: * * * Bad Virus Day * * * - 08/30/03 02:15 PM
IMO, there's no way that he can make monetary retribution for what he has done and I doubt that the legal process he goes through will do much to deter others that might want to follow in his footsteps.

I think too many people end up somehow admiring the intellect necessary to pull off something like this and don't focus on the real facts and consequences of his actions.

Bill