Emails Virus from hell !

Welcome to Old Skool Anthems
The Old Skool Resource. Since 1998.

Devious

Member
Mar 28, 2003
405
0
16
Bolton
www.devious.me.uk
I'm getting daily about 1000 emails (no joke) due to a new worm virus called W32.Sobig.F@mm. It's driving me nuts, every time I check my mail I have to watch pages of crappy emails roll in with attachments.
I have installed Norton AntiVirus 2003 which says it's found it and removed it and also a special fix from Norton and McAfee which both say I'm clean.

Apparently the virus shuts itself down on Sept 10th 2003.
Anybody else getting this or know a fix?
 

Konspiracy

Active member
Sep 9, 2002
4,466
2
38
51
Was Manchestoh, Now Yorkshire
This one's been causing havoc at work. Haven't had it myself but a few machines have and we've blocked UDP ports 8998 on the perimeter firewalls.

Here's the info

W32.Sobig.F@mm is a mass-mailing worm that sends itself, using its own SMTP engine, to email addresses that it finds in infected computers. Every Microsoft operating system, except Windows 2000, is concerned by this new variant.

It typically arrives as an e-mail message with the following properties:

From: admin@internet.com or most likely from another spoofed address.

Subject:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details

Body:
See the attached file for details
Please see the attached file for details

Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

Details of fixes can be found here

Computer Associates
http://www3.ca.com/solutions/collateral.asp?CT=27081&CID=49259

Symantec
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

TrendMicro
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
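
Added example, not part of the original post or any vendor's tool: a mail-gateway style check that scores a raw message against the subjects and attachment names listed above. The quarantine rule, the function names and the sample addresses are assumptions made for illustration; the From: header is deliberately ignored because the worm spoofs it.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the post above (Sobig.F subjects and attachment names).
SUBJECTS = {"re: details", "re: approved", "re: re: my details",
            "re: thank you!", "re: that movie", "re: wicked screensaver",
            "re: your application", "thank you!", "your details"}
ATTACHMENTS = {"your_document.pif", "document_all.pif", "thank_you.pif",
               "your_details.pif", "details.pif", "document_9446.pif",
               "application.pif", "wicked_scr.scr", "movie0045.pif"}
RISKY_EXT = (".pif", ".scr")  # the two extensions that appear in the list

def score_message(raw: bytes) -> dict:
    """Return which of the listed indicators a raw RFC 822 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    names = [(p.get_filename() or "").strip().lower() for p in msg.walk()]
    names = [n for n in names if n]
    hits = {
        "subject": subject in SUBJECTS,
        "known_attachment": any(n in ATTACHMENTS for n in names),
        "risky_extension": any(n.endswith(RISKY_EXT) for n in names),
    }
    # Assumed policy: an exact attachment name is enough on its own; a listed
    # subject only counts when it travels with a .pif/.scr attachment.
    hits["quarantine"] = hits["known_attachment"] or (
        hits["subject"] and hits["risky_extension"])
    return hits

def build_sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message (placeholder payload, not malware)."""
    m = EmailMessage()
    m["From"] = "someone@example.org"   # constructed; the worm spoofs this anyway
    m["To"] = "victim@example.org"      # constructed
    m["Subject"] = subject
    m.set_content("Please see the attached file for details")
    m.add_attachment(b"constructed-placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, name in [("Re: Wicked screensaver", "wicked_scr.scr"),
                       ("Your details", "invoice_77.pif"),
                       ("Meeting notes", "notes.txt")]:
        print(subj, name, score_message(build_sample(subj, name)))
```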
 

wildpitch

New member
Aug 12, 2002
1,689
0
0
52
I've had a few messages from postmaster@ this that and the other to say I sent this virus to them. I don't get it as my machine is clean, the network is rock solid, and the email address they said I used to send them the virus wasn't actually exactly right. Is there some sort of hoax malarkey going on at the same time?
 

Devious

Not sure what's going on really, I've tried 3 fixes which take about 2 hours to scan through my 200+gig of data and they say I'm clean.

I keep missing important emails as I can't be arsed anymore sifting through pages and pages of emails and I just delete them now.
The most worrying thing is I got an email from my webmaster saying they may close my account due to over use? wtf
 

Konspiracy

Not sure Froz there could be, I got an email from a mate who works from the Anti Virus dept and they were up all night applying fixes and that. I'm more on the network side of things so I've just been monitoring traffic all last night and today.

And I'm very bored of it..
 

wildpitch

Sounds riveting mate...!

The messages from postmaster @ were sent to the same address as all my viagra and Tight Thai's messages, another good reason for thinking it was a hoax. It's a valid address but not one that's been used to send messages for about 3 years.

If you're a networky dude Konspiracy, can you give us any pointers on how to track a Blast infected PC on our network somewhere that is propagating the exe around every now and again? We've got a few stray ones out there somewhere..
 

Konspiracy

wildpitch said:
Sounds riveting mate...!

The messages from postmaster @ were sent to the same address as all my viagra and Tight Thai's messages, another good reason for thinking it was a hoax. It's a valid address but not one that's been used to send messages for about 3 years.

If you're a networky dude Konspiracy, can you give us any pointers on how to track a Blast infected PC on our network somewhere that is propagating the exe around every now and again? We've got a few stray ones out there somewhere..

Ah you get those viagra and thai ones as well:p :$ ;)

From what I can remember blast uses broadcasts so if you've got any sorta management tool look for the top 10 talkers on your network for odd devices i.e. non server related. What you usually see is one device triggering others. Don't usually do this sorta stuff but our guru is off on holiday so muggins here gets landed with it.

Methinks Fugjostle is the man to speak to on this tho
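
Added example, not part of the original post: one way to do the "top 10 talkers" check from exported flow records, ranking non-server hosts by how many distinct destinations they contact and then ordering them by when each first got noisy, which shows the "one device triggering others" pattern. The flow records, addresses, server list and threshold are constructed assumptions.

```python
from collections import defaultdict

SERVERS = {"10.0.0.5", "10.0.0.6"}  # assumption: hosts expected to be busy

def build_constructed_flows():
    """Constructed (timestamp, source, destination) records; not real traffic."""
    flows = []
    for i in range(1, 61):   # workstation that suddenly talks to 60 hosts
        flows.append((100 + i, "10.0.1.23", f"10.0.3.{i}"))
    for i in range(1, 41):   # second workstation that starts later
        flows.append((200 + i, "10.0.1.40", f"10.0.4.{i}"))
    for i in range(1, 81):   # file server: high fan-out, but expected
        flows.append((50 + i, "10.0.0.5", f"10.0.1.{i}"))
    flows += [(90, "10.0.1.7", "10.0.0.5"), (95, "10.0.1.7", "10.0.0.6"),
              (97, "10.0.1.8", "10.0.0.5")]   # ordinary clients
    return flows

def top_talkers(flows, servers, n=10):
    """Rank non-server sources by number of distinct destinations contacted."""
    dests = defaultdict(set)
    for _, src, dst in flows:
        if src not in servers:
            dests[src].add(dst)
    ranked = sorted(((src, len(d)) for src, d in dests.items()),
                    key=lambda r: (-r[1], r[0]))
    return ranked[:n]

def fanout_timeline(flows, servers, threshold=20):
    """Order hosts by the time they first exceeded `threshold` destinations."""
    seen = defaultdict(set)
    crossed = {}
    for t, src, dst in sorted(flows):
        if src in servers or src in crossed:
            continue
        seen[src].add(dst)
        if len(seen[src]) > threshold:
            crossed[src] = t
    return sorted(crossed.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    flows = build_constructed_flows()
    print("top talkers:", top_talkers(flows, SERVERS))
    print("first noisy:", fanout_timeline(flows, SERVERS))
```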
 

ZENZEN

New member
Jun 13, 2002
437
0
0
48
Northern Ireland
www.coachniteclub.com
W32.Sobig.F@mm

Was sent this as an attachment earlier, straight to the bin with it!!

The virus SOBIG-F is spreading so rapidly that approximately 50% of all world email traffic is now just SOBIG-infected junk mail.

Once attached to a computer, the virus doesn't scan your mail book - it scans any viable text file, such as stored web pages, to find any email address it can send on to - and send on "from" (it uses one harvested email address as the sender's address and then slots another in as the victim.)

The result of this is that a lot of people are emailing a lot of other people accusing them of having sent them a virus. This is not the case - the virus deliberately conceals who's infected to make it harder to track down and crush.
 

ZENZEN

SOBIG-F DISINFECTION

SOBIG-F DISINFECTION TOOL AND ADVICE AVAILABLE FROM SOPHOS
The latest Sobig worm continues to slow down email systems
worldwide with the sheer number of emails it generates. Find
out how to protect yourself and how to remove the virus from
your systems if you were unlucky enough to have been infected.

http://www.sophos.com/sobig


SOBIG-F: DON'T LET AN AUTO-RESPONDER FOOL YOU
It's not just emails created by the Sobig worm which are causing
users problems - but also emails auto-generated by gateway
virus scanners which are being mistakenly sent to innocent users,
accusing them of having distributed the virus. Sophos offers
advice to those who receive a message saying they have sent
out Sobig-F.

http://www.sophos.com/virusinfo/articles/autorespond.html


STOP THE BLASTER WORM DEAD IN ITS TRACKS, SOPHOS OFFERS ADVICE
It's not just the Sobig worm out there. The Blaster worm continues
to cause problems. Read advice on how to secure your system
against attack from Blaster and similar threats, and details on
how to clean your systems up if you were unlucky enough to have
been hit.

http://www.sophos.com/support/disinfection/blastera.html