Home page logo
/

basics logo Security Basics mailing list archives

Re: Annoying virus being mailed to me
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Fri, 7 Feb 2003 12:26:57 -0700

On Fri, Feb 07, 2003 at 10:54:13AM +0100, Chris Carter wrote:
Hi guys,

For the last two months or so I have been receiving emails with the
I-Worm/Sobig virus attached about twice a day. My anti-virus sw protects
me well so I am not infected in any way (nor has anybody else here).
Initially, I used to ignore the messages and delete them; after a couple
of weeks I decided to trace the source IP from the mail header and send
complaint messages to the corresponding ISP. But the Bast**d keeps
finding other IP's to mail me from. Messages come from big () boss com  Is
anyone else being targeted? Is this a common occurrence? Am I the only
one?

I appear to be.  My manual blackhole list has them blocked for
repeated virus tranmission.  I blocked the email address, not the IP
though, so I haven't noticed or cared about this in a while.

As it happens, Sobig usually sends email "From" big () boss com, so
others that are infected will send you email from same.

For an analysis of Sobig, please follow this link:

http://www.sophos.com/virusinfo/analyses/w32sobiga.html
-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault