I think we need to take the computers away from all of these STUPID users and give them an etch-a-sketch. There is even tech support for it here: http://www.shanemcdonald.com/laughs/l-etchascetch.html
My IDS's went crazy with just one internal host, logged over 1000 alerts a min. The PC had over 100 connections open to port 25 on remote hosts...
Nice way to bog down networks
I have to admit this one seems to be way more effective at spreading than most other viri I've seen - I've been getting in the region of 150+ notifications just on my email at work today...
probably when Hell freezes over er0k :D
Quote:
when are people going to learn not to open attachments unless they have been cleaned first...
Z
I wonder what it will be like by the time we hit sobigt? The planned self destruction of the last and release of the next variant seems to just keep on going and going. This one seems to be a big one, the openbsdmisc list is almost half virus removed warnings today.
Is it me or are we in the middle of the heaviest period of virii releases.. ever? or more to the point wild spreaders.. never seen so many cat 3 and 4 alerts on the Symantec site..
cheers..
It looks like sobig has an as of yet unidentified payload coming up shortly...
http://www.sophos.com/virusinfo/arti...obigextra.html
Hi guys,
Found this tonight.. on Tech-Critic
Cheers
Quote:
The FBI subpoenaed an Arizona Internet service provider to trace the culprit behind a fast-spreading e-mail virus that security experts said may have first been posted to an adult pictures Internet site.
One expert said the Sobig.F e-mail virus was disguised so that anyone who clicked on a link purporting to show a sexually graphic picture became infected with the self-replicating worm, which then spread itself to other e-mail addresses.
"Sobig.F was first posted to a porn Usenet group," said Jimmy Kuo, research fellow at antivirus software maker Network Associates. Usenet is a popular forum on the Internet where computer users with similar interests post and read messages.
Question for understanding purposes... I've put a great deal of thought into this, as have many in our shop. We have the extensions as well as the subject lines blocked so we do not scare the customers... however, every now and then a customer will get an email saying something to the effect of "an email you sent had an infected attachment xxx.pif (whatever the name would be) ... and it says to contact the system administrator"
Now, according to Symantec's info on the worm:
W32.Sobig.F@mm uses a technique known as "spoofing," by which the worm randomly selects an address it finds on an infected computer. The worm uses this address as the "From" address when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to another individual.
taken from http://securityresponse.symantec.com...obig.f@mm.html
The way I read that is, if a user outside of our network had one of our customers in their address book, the worm could then take and use their address to send out to everyone the address book contains.
I'm pretty sure that is correct.. now...
When these emails get detected as an infected email, it sends it back to the "sender", which in this case would be one of our customers. So they get an email inside our network saying that an attachment they sent was infected. Of course they don't know who they sent it to, nor remember sending the email...
Is this what is happening? It's the only thing that I can possibly think of to explain it. Help me out!
Amazing isn't quite the word I would choose.
Quote:
Originally posted here by thehorse13
It's amazing how many people out there don't actively update their AV scanner.
That is exactly what is happening. With this type of virus method becoming more common, first Klez now SoBIG, it will only be a matter of time until the default setting for most AV software is not to send a message back to the "sender" of the virii. Or at least most people will start turning it off.
Quote:
Is this what is happening? It's the only thing that I can possibly think of to explain it. Help me out!
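The point made in the last reply, as an added example that is not part of the thread or any vendor's code: a gateway that catches an infected message should act on the connecting IP, not on the forgeable From header. The function name, `LOCAL_NETS`, the `SPOOFING_FAMILIES` list and the sample message are assumptions constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Assumption: address ranges of hosts that submit mail directly to this gateway.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumption: detection-name fragments for worms that forge the From address.
SPOOFING_FAMILIES = ("sobig", "klez")


def handle_infected(raw_msg, client_ip, detection):
    """Decide what to do with a message the scanner flagged.

    Returns a dict: 'notify_from' (address to mail, or None) and
    'alert_admin' (IP of a local host that needs cleaning, or None).
    """
    claimed_from = parseaddr(message_from_string(raw_msg).get("From", ""))[1]
    ip = ipaddress.ip_address(client_ip)
    is_local = any(ip in net for net in LOCAL_NETS)
    spoofer = any(f in detection.lower() for f in SPOOFING_FAMILIES)

    if spoofer:
        # The From header is an address harvested from the infected PC, so a
        # notice to it reaches a bystander. Only the connecting IP is reliable.
        return {"notify_from": None, "alert_admin": client_ip if is_local else None}
    if is_local:
        # Submitted by one of our own hosts: the sender can be told, and the
        # host is worth a look either way.
        return {"notify_from": claimed_from or None, "alert_admin": client_ip}
    # Remote origin with an unverifiable From: quarantine without a bounce.
    return {"notify_from": None, "alert_admin": None}


# Constructed sample: worm mail from a remote host using a customer's address.
SAMPLE = (
    "From: customer@example.net\n"
    "To: someone@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(handle_infected(SAMPLE, "203.0.113.45", "W32.Sobig.F@mm"))
    print(handle_infected(SAMPLE, "10.1.2.3", "W32.Sobig.F@mm"))
```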