Warning of new Virus

John Ferrell johnferrell at earthlink.net
Wed Aug 20 08:32:29 AKDT 2003


Some of the wrappers that conceal the virii in this flood are designed to
look like bounced emails. It is not just common to this list, other lists
are also noting the conditions.

If you are going to send someone an attachment it would be a good idea to
forewarn them because most of us are dumping them without opening.

I just brought this system up this week (Win 98SE) and it is up to date with
the current Norton AV. It seems to be handling the conditions OK. When I
opened the mail this morning, it handled a lot of virii well, but when the
download ended the program "Poproxy" also closed. I believe that is part of
the Norton application. Just to be certain, I rebooted and all seems well.

John Ferrell
6241 Phillippi Rd
Julian NC 27283
Phone: (336)685-9606
johnferrell at earthlink.net
Dixie Competition Products
NSRCA 479 AMA 4190  W8CCW
"My Competition is Not My Enemy"


----- Original Message ----- 
From: "Thomas C. Weedon" <weedon at wwnet.net>
To: "NSRCA Discussion List" <discussion at nsrca.org>
Sent: Wednesday, August 20, 2003 1:20 AM
Subject: Warning of new Virus


> I have received about 200 virus-infected e-mails in the last 12 hours. Don't
> open any attachments from friend or foe unless you are sure that the
> attachment is safe. Just delete, period. This looks like a serious attack on
> our system, so caution is the word of the day. I have included a note of
> warning from Yahoo.
>
> Tom Weedon, NSRCA D4 AVP
> NSRCA Web Team
> AMA 2537, NSRCA 733
> IMAC 1810, WA8WAA
>
> +++++++++++++++++++ Yahoo Note ++++++++++++++++++++++++
> New Variant Of Sobig Worm Spreading Fast
>
> The Sobig e-mail virus that made its debut in the beginning of the year
> keeps coming back, with the latest variant spreading quickly, antivirus
> experts said Tuesday.
>
> The new version, code-named W32/Sobig.F-mm, first appeared Monday and soon
> led to a "medium-risk" listing by antivirus company Network Associates
> Technology Inc. "The infection rate is very steady and comparable with the
> other variants," says Craig Schmugar, research engineer for the company.
>
> Indeed, the number of virus-carrying e-mails intercepted by MessageLabs Inc.
> increased from 10,000 at 8:30 a.m. EST Tuesday to more than 100,000 by 1
> p.m. EST. "It's a lot, but there have been a number of other viruses with a
> faster infection rate," a MessageLabs spokesman says. "In terms of Sobig
> variants, it's up there with the last one."
>
> MessageLabs, which monitors corporate e-mail traffic for spam, viruses, and
> other nuisances, has intercepted 360,000 e-mails infected with the previous
> variant, Sobig.E, since it appeared June 25. Typically, these viruses spread
> quickly during the first 12 to 24 hours, then trail off as fast as they
> started as companies and home PC users update their antivirus software.
>
> Sobig.F is arriving in e-mail under a subject line that typically says
> "re:details," "details," "your details," "thank you," or "resume." The
> sender is disguised as someone that may be familiar to the recipient, such
> as the name of a company or person.
>
> Once the attachment containing the virus is opened, Sobig steals e-mail
> addresses from several different locations on the computer, including the
> Windows address book and Internet cache, then sends copies of itself out to
> those addresses. The virus, which sends multiple e-mails concurrently,
> selects addresses randomly for use as the sender, attempting to fool
> recipients into thinking the e-mail is from a company or other legitimate
> source.
>
> "Hackers are always trying new techniques to get you to open the virus," the
> MessageLabs spokesman says. "One of the ways is called spoofing, making you
> think the e-mail is coming from a trusted vendor."
>
> The attachments' names may include your_document.pif, details.pif,
> your_details.pif, thank_you.pif, movie0045.pif, document.Fall.pif,
> application.pif, and document.9446.pif.
>
> Because of its mass-mailing capabilities, Sobig can eat up bandwidth and
> slow a company's network performance. The virus, however, isn't considered
> as malicious as others, since it doesn't delete files or damage the infected
> PC.
>
> Nevertheless, the bigger danger lies in its ability to open a port in a
> computer, enabling a hacker to upload a Trojan. The small application can
> let a hacker take control of a computer or search for passwords in the
> system to break into people's online accounts.
>
>
>
> =====================================
> # To be removed from this list, send a message to
> # discussion-request at nsrca.org
> # and put leave discussion on the first line of the body.
> #
>
>
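
The attachment names and subject lines listed in the quoted Yahoo note can be checked mechanically when mail arrives. The Python below is an added example, not part of the original thread: it generalizes from the exact file names to the attachment's final extension, and it ignores the From header because the note says the sender is forged. The function names, the extensions other than .pif, and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# ".pif" comes from the quoted note; the other extensions are an assumption.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat"}
# Subject lines listed in the quoted note, lower-cased.
REPORTED_SUBJECTS = {"re:details", "details", "your details", "thank you", "resume"}

def normalize_subject(subject):
    """Lower-case, collapse whitespace, and treat 'Re: x' like 're:x'."""
    return " ".join((subject or "").lower().split()).replace("re: ", "re:")

def scan_message(raw_bytes):
    """Return reasons to quarantine a raw message; an empty list means no match."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Only the final extension counts, so document.9446.pif is still a .pif.
        cleaned = name.strip().lower().rstrip(". ")
        ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"blocked attachment type: {name}")
    # The subjects are ordinary phrases, so they only add weight to an attachment hit.
    # The From header is never consulted: the note says the sender is forged.
    if reasons and normalize_subject(msg["Subject"]) in REPORTED_SUBJECTS:
        reasons.append("subject matches a reported Sobig.F subject line")
    return reasons

def build_sample(subject, filename=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = "someone@example.com"
    m["To"] = "list@example.org"
    m["Subject"] = subject
    m.set_content("Constructed body text.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Re: Details", "document.9446.pif"), ("thank you", None)]:
        print(subj, "->", scan_message(build_sample(subj, fname)))
```
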
