Country Living
Country Living, Country Skills
Country People

KountryLife.com - A Country Living Resource and Community
Community
Message Board
Country Topics
Trading Post
Memory Lane
Country Skills
Country Cooking

Channels
Gardening
Livestock
The Kitchen
Machinery
Tools

Photographs
Photo Gallery
Vintage Photos
Special Collections

Fun
Country Humor
Country Sounds
Coloring Book
Interactive Story

Farm Tractors
Pictures
Tractor Parts
Tractor Manuals

Miscellaneous
Classic Trucks
Antique Tractors
Modern Tractors
Site Map
Links Page
Contact Us

  
Country Discussion Topics
To add your comments to this topic, click on one of the 'Reply' links below.

SOBIGF
[Return to Topics]

M.R.    Posted 08-22-2003 at 11:01:23       [Reply]  [No Email]
A new variant of W32/Sobig, W32/Sobig.f@MM is a
High Risk mass-mailing worm. It arrives as an email attachment with a .pif
or .scr extension. When run, it infects the host computer, then emails
itself (using its own SMTP engine) to harvested email addresses from the
victim's machine.

In addition, when it propagates, the worm "spoofs" the "from: field", using
one of the harvested email addresses. An infected email can come from
addresses you recognize.

Because it sends so many emails, a worm like Sobig also saps bandwidth and
slows network performance. Worse, it can also open up a user's computer
port, making it vulnerable to hackers, who can plant dangerous Trojans.
These malicious programs often let unauthorized users remotely take over a
system, steal personal information or use the infected PC to send spam.

What are the common subject lines, attachment names and message content
associated with W32/Sobig.f@MM emails?

Subject:
* Your details
* Thank you!
* Re: Thank you!
* Re: Details
* Re: Re: My details
* Re: Approved
* Re: Your application
* Re: Wicked screensaver
* Re: That movie
* Re: That movie
Attachment:
* your_document.pif
* document_all.pif
* thank_you.pif
* your_details.pif
* details.pif
* document_9446.pif
* application.pif
* wicked_scr.scr
* movie0045.pif
Body:
* See the attached file for details
* Please see the attached file for details

How do you know if you've been infected?

The worm copies itself onto an infected machine as:
C:\WINNT\WINPPR32.EXE

Delete any emails that have the subjects described above

Do not open any .pif attachments.
Do not open any .dat attachments.






RayP(MI)    Posted 08-23-2003 at 18:20:23       [Reply]  [No Email]
Yup, that happened to me - got over a hundred messages in one evening from internet providers telling me messages I sent were to nonexistant accounts, were undeliverable, or contained viruses. Some even sent me the alleged offending attachments. (which my virus remover promptly eliminated.) Didn't recognize any of the addresses - not from my book, and we didn't send any of them. Especially not at 4:00am! Apparently the virus lammed on to my address from someone elses' computer, and sent out a BUNCH of messages, using my return address. Still getting a few error messages dribbling back. My virus program is updated daily, scans all incoming and out going mail. Doubt if Our computer is the cause!


Ron,Ar    Posted 08-22-2003 at 16:41:13       [Reply]  [No Email]
The server at our school where I work got "the worm". It also got everyones email address at home from the very large address book. Now it is sending out the virus/worm using our home addresses as sender. That su-ks. Folks already sending me thank you notes for it.


Salmoneye    Posted 08-22-2003 at 13:07:55       [Reply]  [No Email]
Someone...Or many someones have this...

I just deleted 112 of these from my inbox and that is just since this AM when I dumped 83...



Jailkeeper    Posted 08-22-2003 at 13:45:33       [Reply]  [Send Email]
Do you know you can configure Outlook Express to NOT download certain messages that have attachments? I set mine up that way last week after the MSBlast worm attacked me. It seems to have helped so far. If you need more info I'd be glad to help.


lol    Posted 08-22-2003 at 13:56:57       [Reply]  [No Email]
Yes...I am well aware of how to configure Outlook, but thanks for the offer...

:-)


~Lenore    Posted 08-22-2003 at 14:37:18       [Reply]  [No Email]
My Outlook Express is a disaster area.
I do not go there!
It will not do anything;
and keeps sending me error messages
that I cant get rid of.
It has been that way for two years now.
So it is like a bad neighborhood;
I just avoid it.


~Lenore    Posted 08-22-2003 at 14:32:15       [Reply]  [No Email]
My Outlook Express is a disaster area.
I do not go there!
It will not do anything;
and keeps sending me error messages
that I cant get rid of.
It has been that way for two years now.
So it is like a bad neighborhood;
I just avoid it.


~Lenore    Posted 08-22-2003 at 15:02:49       [Reply]  [No Email]
OOPS!!

I hate when that happens!
My ISP bumped me off line and somehow when I got back on it posted again!!
Scuse me....


So...    Posted 08-22-2003 at 17:50:44       [Reply]  [No Email]
If you don't use it...Dump it...

Go to Mycomputer/ControlPanel/Add-RemovePrograms...And get rid of it...

Salmoneye

PS.....While you are in there, dump all the other programs you don't use...

Just a thought...


~Lenore...Salmoneye??    Posted 08-22-2003 at 19:20:21       [Reply]  [No Email]
Salmoneye,
This may be a dumb question. Will getting rid of outlook express eliminate the addresses in my address book??


Salmoneye    Posted 08-23-2003 at 03:35:19       [Reply]  [No Email]
Your address book that you are using is seperate from the one in Outlook...Unless that is the one you have been using that is ;-)



[Return to Topics]



[Home] [Search]

Copyright © 1999-2013 KountryLife.com
All Rights Reserved
A Country Living Resource and Community