
Thread: SoBig infections

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Location
    Kodiak, Alaska
    Posts
    432

    SoBig infections

    Elena mentioned that the DF contact email address is being deluged with the latest worm. Since the worm picks up email addresses from visited web pages, and even from text files (such as readme1st.txt) - that means that a number of folders and/or former folders are infected.

    If possible, pass the request on to all your teammates to scan all of their Windows machines that can receive email:

    http://securityresponse.symantec.com...oval.tool.html

    (or pick the removal tool from your favored antivirus dealer).

    Put a stop to the wasted bandwidth! Reclaim those lost cpu cycles for science, not Spamming..
    www.thegenomecollective.com
    Borging.. it's not just an addiction. It's...

  2. #2
    Junior Member
    Join Date
    Aug 2003
    Location
    Illinois USA
    Posts
    8
    Passed along

    Thanks for the heads up

  3. #3
    Senior Member
    Join Date
    Mar 2002
    Location
    MI, U.S.
    Posts
    697
    Or, you could just not run Windows. Or not blindly run attachments from obviously suspicious messages. Or not run Outlook or Outlook Express as your MUA (not for SoBig, but for other viruses).

    Or clean Outlook and/or OE from your system entirely (note: I'm not actually sure whether this is possible...), so that SoBig simply can't send itself automatically.

    Anybody wonder why very, very few other MUAs are automatable?

    Am I sounding cynical yet?

  4. #4
    Ancient Programmer Paratima's Avatar
    Join Date
    Dec 2001
    Location
    West Central Florida
    Posts
    3,296
    Originally posted by bwkaz
    Am I sounding cynical yet?
    Maybe just a wee bit...

    If you DO run Windoze, and many of us have no choice, at least on all machines, something like ZoneAlarm is another fine choice. There is a free version of this for personal use and it makes a very effective firewall. (There are several programs like this available on the market.)

    Note that the Sobig worm doesn't depend on using your mail program, it's got its own built-in. But when it tries to send its stuff, ZoneAlarm will say, "Hold the works. You're a new program attempting to access the internet and I've gotta get permission from the Boss." It pops up an alert and you can tell it, "No way!"

    Now, you've gotta get it off your system, but at least you didn't spread it around! Just an idea...

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Location
    MI, U.S.
    Posts
    697
    Originally posted by Paratima
    Note that the Sobig worm doesn't depend on using your mail program, it's got its own built-in.
    I stand corrected then.

    I didn't know that worm writers were smart enough to understand SMTP... guess I'll have to rethink that assumption.

  6. #6
    Not here rsbriggs's Avatar
    Join Date
    Dec 2002
    Location
    Utah
    Posts
    1,400
    The FBI is saying that SoBig is a professional job.... What it was scheduled to do was quite amazing. Fortunately they managed to shut down the 20 or so comps that it was supposed to contact for further instructions....
    FreeDC Mercenary


  7. #7
    Ancient Programmer Paratima's Avatar
    Join Date
    Dec 2001
    Location
    West Central Florida
    Posts
    3,296
    Yep. Everything I've heard is that they're all pretty amazed at the way it's put together.
    Clever, yes. Low-life pond scum and terrorist bastards, definitely!

    I don't think I could dig deep enough to come up with any sympathy for virus authors.

  8. #8
    I agree with everything you say, Paratima - if they'd only divert their skills to something useful.

  9. #9
    Target Butt IronBits's Avatar
    Join Date
    Dec 2001
    Location
    Morrisville, NC
    Posts
    8,619
    Ya, like forcing security patches on unsuspecting or clueless 'victims' for starters.

  10. #10
    Yeah, when I do my Windows update, I quite often notice that I'm patching to remove "could possibly allow an intruder to execute code" weaknesses.

    Somebody should write a program that hacks into those vulnerable systems, installs a virus detector, then runs Windows update.

  11. #11
    Junior Member
    Join Date
    Aug 2003
    Location
    Illinois USA
    Posts
    8
    Originally posted by Kileran
    somebody should write a program that hacks into those vulnerable systems, installs a virus detector, then runs windows update
    Link
