Full Disclosure mailing list archives
RE: SoBig.F strange problem
From: "Boyer Kristy" <kboyer () ablelaw org>
Date: Tue, 19 Aug 2003 16:27:56 -0400
I'm having the same problem, but many of the emails that I'm getting are originating from a Comcast IP and from a res.aecom.yu.edu IP.... At about 1 email per 2 - 3 minutes...

-----Original Message-----
From: Joseph L. Hood [mailto:fnab () acerbus com]
Sent: Tuesday, August 19, 2003 3:56 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] SoBig.F strange problem

The virus writes to addresses found in the addressbook, it also seems to use random addresses, from the addressbook, as return addresses. Look at the headers to determine where the email is really originating. More than likely you're getting hit from someone you know.

On Tue, 19 Aug 2003, Scott Phelps / Dreamwright Studios wrote:

All day today I've been getting copies of SoBig.F. I've gotten around 150 copies so far, and a large number of postmaster bounces saying that a copy sent from my address was undeliverable. I know that SoBig forges the from address from files it finds on the victim's machine, but I can't for the life of me figure out why I'm the attempted victim for so many other copies. I'm not infected with the virus, I'm running antivirus that strips the attachment before it lands in my inbox, and I'm running a version of Outlook that disallows the attachment extensions that SoBig uses. I've run manual scans on all of my machines, in case of infection through a network share, but I don't have any of those from outside either. All the emails seem to be coming from different places, but around 90% are using a from address of @msu.edu. Is there some logical explanation why I'm being singled out here? My antivirus is driving me insane with popups, so I've had to shut down my mail program to get some work done. I'm sorry for the off-topic nature of this question, but this makes no sense to me!

Scott
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
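The header check suggested in the quoted reply (read the Received chain instead of the From address), as an added example that is not part of the original thread: it follows Received headers only as far as relays you operate vouch for them and reports the IP that handed the message to you. The message, hostnames, addresses, trusted network and the function names `handoff_ip` and `summarize` are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread). The bottom Received line is the
# kind of header a sender can fabricate before handing the message over.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP; Tue, 19 Aug 2003 15:01:07 -0400
Received: from pc-home (unknown [198.51.100.77])
\tby mx.example.net with SMTP; Tue, 19 Aug 2003 15:01:02 -0400
Received: from mail.example.edu ([203.0.113.5])
\tby pc-home with SMTP; Tue, 19 Aug 2003 14:00:00 -0400
From: someone@example.edu
To: scott@example.org
Subject: Re: Details

See the attached file for details
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(raw_message, trusted_networks):
    """Return the first connecting IP recorded by a relay we trust that is
    not itself one of our relays, or None if the chain cannot be followed."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    # Received headers are prepended, so the newest (ours) comes first.
    for header in message_from_string(raw_message).get_all("Received", []):
        from_part = re.split(r"\sby\s", header, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_part)
        if not match:
            return None
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
        if not any(ip in net for net in nets):
            return str(ip)  # headers below this one are sender-supplied
    return None

def summarize(raw_message, trusted_networks):
    """Pair the claimed From domain with the IP that actually connected."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return {"from_domain": from_domain,
            "handoff_ip": handoff_ip(raw_message, trusted_networks)}

if __name__ == "__main__":
    print(summarize(SAMPLE, ["192.0.2.0/24"]))
```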