New Viri?

Thansal The New Scum Join Date: 2002-08-22 Member: 1215 Members, Constellation
sorta confuzled here

ok, I just got a few suspicious emails and I am confuzled on this one

so first I get a msg from a trusted friend that was simply a title of "Your Details" and an attachment of document_all.pif

I send her an email back asking her to simply C&P the msg into an email

then I get a mail from some one I don't know with the title "Re: Details" with your_details.pif

then 2 more emails from people I don't know
the titles were something like awesome screensaver and then re: screensaver
both had the same body as the first one (please see attached file for details) and the attachment was along the same lines....

haven't heard anything about this yet

the interesting thing is that the one person I recognised the email from uses a Mac, and virii rarely attack them.......

ideas?

Comments

  • MonsieurEvil Join Date: 2002-01-22 Member: 4 Members, Retired Developer, NS1 Playtester, Contributor
    It's the Sobig.f variant - the one that has been burying mail servers for 2 weeks while you were in a coma, apparently :p .

    It's not new, or doing anything particularly new in how it operates. Just a weak script kiddie copy of previous viruses.
  • psychotik_mouse Join Date: 2003-08-26 Member: 20232 Members
    The symptoms sound like the soBig.f virus. For the love of god don't open the .pif attachments... delete the messages and then head over to www.symantec.com... they have a removal tool that will scan your system and remove the virus.
  • Thansal The New Scum Join Date: 2002-08-22 Member: 1215 Members, Constellation
    danke danke.

    now for interesting sake

    where is the virus starting from?
    is it other people's infections attempting to spread?
    is it on my mail server?
    or am I just sorta slow in general? :p
  • MonsieurEvil Join Date: 2002-01-22 Member: 4 Members, Retired Developer, NS1 Playtester, Contributor
    edited August 2003
    0. The internet's dirty birds.
    1. Yes.
    2. No.
    3. Probably.

    :p
  • Thansal The New Scum Join Date: 2002-08-22 Member: 1215 Members, Constellation
    .....

    what?

    who?


    ohhhhh I get it :p

    so this infects Macs as well, interesting.
  • Nil_IQ Join Date: 2003-04-15 Member: 15520 Members
    edited August 2003
    QUOTE (MonsieurEvil @ Aug 26 2003, 03:02 PM): "It's the Sobig.f variant - the one that has been burying mail servers for 2 weeks while you were in a coma, apparently :p ."

    So... is this why I can't check my emails?

    *edit* just tried again, oh look! There they are! *edit*
  • psychotik_mouse Join Date: 2003-08-26 Member: 20232 Members
    QUOTE (Thansal @ Aug 26 2003, 03:10 PM):
    "danke danke.

    now for interesting sake

    where is the virus starting from?
    is it other people's infections attempting to spread?
    is it on my mail server?
    or am I just sorta slow in general? :p"

    If I understand how sobig.f works, it creates its own sort of mini smtp server then emails itself to everyone in your address book... or something like that.
  • MonsieurEvil Join Date: 2002-01-22 Member: 4 Members, Retired Developer, NS1 Playtester, Contributor
    And as previously mentioned elsewhere, this virus will cease to function on Sept 9th/10th due to an internal timer. So even your dumby friends that are infected and sending you loads of crap can't hurt you a few weeks from now.
  • Morrik Join Date: 2002-11-11 Member: 8247 Awaiting Authorization
    Death to the SoBig.F virus.

    I HAVE RECEIVED IT OVER FIVE-THOUSAND TIMES!
  • MedHead Join Date: 2002-12-19 Member: 11115 Members, Constellation
    One interesting tidbit of information.

    I don't open attachments. However, if by some fluke, I do so, I have something to alert me to the fact. I entered in my Address Book the name "#@@@@@@@". Since it is the first name in my address book, it should be the first the virus sends to. And since that isn't a valid address, I'll get a returned letter. That way I'll know I have the virus (short of checking with Symantec).
  • SoulSkorpion Join Date: 2002-04-12 Member: 423 Members
    Hm... I think this is the same virus that I've been getting lately (well, VET keeps muttering something about "Sobig"). What I can't understand is how it's actually managed to reach my email address; I keep it incredibly well hidden from that sort of thing. Does it just cycle through every alphanumeric combination of email addys, or something? :/
  • MedHead Join Date: 2002-12-19 Member: 11115 Members, Constellation
    Somebody who has your e-mail address in their address book has the virus.
  • SoulSkorpion Join Date: 2002-04-12 Member: 423 Members
    QUOTE (MedHead @ Aug 27 2003, 12:03 PM): "Somebody who has your e-mail address in their address book has the virus."

    Even if the "from:" isn't from them?
  • MonsieurEvil Join Date: 2002-01-22 Member: 4 Members, Retired Developer, NS1 Playtester, Contributor
    Yes, even if. Why is this so hard for people to believe? An address is an address.
  • PanzerOx Join Date: 2003-04-22 Member: 15754 Members
    the .pif is actually an .exe, they enter it as your_details.pif.exe and it drops the EXE, leaving it as your_details.pif/.mp3/.gif/.jpg etc.
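
Added example (not part of the original thread or any poster's code): a mail-filter check in Python that flags the kind of attachment discussed above, a Windows executable sent under a .pif/.scr name or behind a decoy extension. The extension lists are an assumed policy, and the addresses, file names and the inert MZ stub are constructed sample data.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed block list: extensions Windows runs directly (.pif is the one in this thread).
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}
# Assumed decoy list: extensions a reader takes for harmless documents or media.
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".mp3", ".pdf"}


def risky_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            # DOS/PE header: the content is a Windows program whatever the name says.
            findings.append((name, "content is a Windows executable (MZ header)"))
        elif suffixes and suffixes[-1] in EXECUTABLE_EXTS:
            decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
            findings.append((name, "double extension" if decoy else "executable extension"))
    return findings


def build_sample() -> bytes:
    """Constructed message shaped like the ones described in this thread."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "Re: Details"
    msg.set_content("Please see the attached file for details")
    stub = b"MZ" + b"\x00" * 62  # inert placeholder bytes, not a working program
    msg.add_attachment(stub, maintype="application", subtype="octet-stream",
                       filename="your_details.pif")
    msg.add_attachment(b"GIF89a", maintype="application", subtype="octet-stream",
                       filename="holiday.jpg.scr")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"quarantine {filename}: {reason}")
```

The check looks only at the attachment, not the From: header, because, as the replies above point out, the sender address on these messages is not a reliable indicator of which machine is infected.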