|
-
August 20th, 2003, 07:11 PM
#11
Senior Member
I think we need to take the computers away from all of these STUPID users and give them an etch-a-sketch. there is even tech support for it here: http://www.shanemcdonald.com/laughs/l-etchascetch.html
just making some minor adjustments to your system.... 
-
August 20th, 2003, 07:19 PM
#12
Junior Member
My IDS's went crazy with just one internal host, logged over 1000 alerts a min. The PC had over 100 connections open to port 25 on remote hosts...
Nice way to bog down networks
-
August 20th, 2003, 08:46 PM
#13
I have to admit this one seems to be way more effective at spreading than most other viri I've seen - I've been getting in the region of 150+ notifications just on my email at work today...
when are people going to learn not to open attachments unless they have been cleaned first...
probably when Hell freezes over er0k 
Z
Quis Custodiet Ipsos Custodes
-
August 21st, 2003, 12:24 AM
#14
I wonder what it will be like by the time we hit sobigt? The planned self destruction of the last and release of the next variant seems to just keep on going and going. This one seems to be a big one, the openbsdmisc list is almost half virus removed warnings today.
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
-
August 21st, 2003, 12:20 PM
#15
Is it me or are we in the middle of the heaviest period of virii releases.. ever? or more to the point wild spreaders.. never seen somany cat 3 and 4 alerts on the Symantec site..
cheers..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
August 22nd, 2003, 06:43 PM
#16
It looks like sobig has an as of yet unidentified payload coming up shortly...
http://www.sophos.com/virusinfo/arti...obigextra.html
-
August 24th, 2003, 12:57 PM
#17
Hi Guy's,
Found this tonight..on Tech-Critic
The FBI subpoenaed an Arizona Internet service provider to trace the culprit behind a fast-spreading e-mail virus that security experts said may have first been posted to an adult pictures Internet site.
One expert said the Sobig.F e-mail virus was disguised so that anyone who clicked on a link purporting to show a sexually graphic picture became infected with the self-replicating worm, which then spread itself to other e-mail addresses.
"Sobig.F was first posted to a porn Usenet group," said Jimmy Kuo, research fellow at antivirus software maker Network Associates. Usenet is a popular forum on the Internet where computer users with similar interests post and read messages.
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
August 24th, 2003, 05:20 PM
#18
Senior Member
worm operation theory / question
question for understanding purposes... i've put a great deal of thought into this as have many in our shop. We have the extensions as well as the subject lines blocked so we do not scare the customers... however every now and then a customer will get an email saying something to the effect of "an email you sent had an infected attachment xxx.pif (whatever the name would be) ... and it says to contact the system administrator"
now according to symantecs info on the worm
W32.Sobig.F@mm uses a technique known as "spoofing," by which the worm randomly selects an address it finds on an infected computer. The worm uses this address as the "From" address when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to another individual.
taken from http://securityresponse.symantec.com...obig.f@mm.html
the way i read that is if a user outside of our network had one of our customers in their address book, the worm could then take and use their address to send out to everyone the address book contains.
i'm pretty sure that is correct.. now...
when these emails get detected as an infected email, it sends it back to the "sender" which in this case would be one of our customers. So they get an email inside our network saying that an attachment they sent was infected. Of course they dont know who they sent it to, nor remember sending the email...
Is this what is happening? Its the only thing that i can possibly think of to explain it. Help me out!
-
August 24th, 2003, 05:34 PM
#19
Originally posted here by thehorse13
It's amazing how many people out there don't actively update their AV scanner.
amazing isn't quite the word i would chose.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
August 25th, 2003, 04:23 PM
#20
Is this what is happening? Its the only thing that i can possibly think of to explain it. Help me out!
That is exactly what is happening. With this type of virus method becoming more common, first klez now SoBIG, it will only be a matter of time until the default setting for most AV software is not to send a message back to the "sender" of the virii. Or atleast most people will start turning it off.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
