
CNet: ISPs: Sobig's the biggest virus so far

This topic is archived.

Atlant Donating Member (1000+ posts) Thu Aug-21-03 08:29 AM
Original message
CNet: ISPs: Sobig's the biggest virus so far
http://zdnet.com.com/2100-1105_2-5066444.html

ISPs: Sobig's the biggest virus so far



By Robert Lemos
CNET News.com

The Sobig virus is aptly named.

Recent data from e-mail service providers pegs the infection caused by the latest variant of the Sobig virus as the
largest epidemic of a mass-mailing computer program to date.

E-mail filtering company MessageLabs, for instance, said it intercepted more than a million messages that carry the
virus on Tuesday, while rival Postini trapped 2.6 million in 24 hours.

"This is the fastest (virus) that we have seen," said Scott Petry, vice president of products and engineering for
Redwood City, Calif.-based Postini. He added that the company typically stops far fewer e-mail messages that carry
viruses--about 500,000--on an average day.

The computer virus clogged corporate e-mail systems on Tuesday and Wednesday, as every message had to be
digitally checked for the virus before being passed on to the recipient's computer. New York-based MessageLabs
found that about one in every 17 messages contained the Sobig virus--far more than the normal 1-in-275 ratio or
1-in-138 ratio that the previous top threat, Klez.H, had produced.

Sobig.F, like previous versions of the virus, uses an e-mail address other than the victim's as the apparent source of
e-mail messages that it sends to spread itself. Many antivirus systems send an alert that notifies the apparent sender
of viral e-mail messages that they are infected, even when the malicious program is known to forge the source's e-mail
address. The result: More spam to clog the Internet's arteries.

<more>

Atlant Donating Member (1000+ posts) Thu Aug-21-03 08:31 AM
Response to Original message
1. I was amused yesterday...
Edited on Thu Aug-21-03 08:48 AM by Atlant
I was amused yesterday when I received a "bounce"
message from AOL for some virus-infected mail that
I never sent.

I guess somebody with my "incoming" corporate E-Mail
address in their address book has caught one or more
of these wonderful viruses, and their PC is now forging
mail with my E-Mail address as the source.

(It can't be actual mail from me because: 1) the
"outgoing" form of my corporate E-Mail address is
different, 2) it's quite unlikely that my Solaris
box has caught any of the Microsoft viri d'jour,
and 3) my Win-2K system was sitting in my backpack,
powered-off and quite disconnected from the net.)

Atlant

WillParkinson Donating Member (1000+ posts) Thu Aug-21-03 08:38 AM
Response to Reply #1
3. E-mail
I got about 30 different messages yesterday that had been infected but my ISP (Roadrunner) cleaned them before they ever made it to my computer.

As for the rest, I keep getting messages about returned mail but not to anyone I've ever heard of and this is our home computer.

GOPFighter Donating Member (1000+ posts) Thu Aug-21-03 08:46 AM
Response to Reply #1
5. I've had 41 bounces of email I never sent since 7 am!
These are addresses of people I don't even know. Help desk has checked my computer...it's clean. (another one just arrived).

:nuke:

starroute Donating Member (1000+ posts) Thu Aug-21-03 11:26 AM
Response to Reply #1
17. I've gotten those bounce messages at times
When I called my ISP's tech support, they tried to tell me I must have a virus or spyware, but I checked every which way and knew I didn't.

I finally looked at the addresses on the return messages more closely and realized they were all from the same provider and in close alphabetical sequence. Then I looked at some of the attachments (with my virus protection on) and they all looked like spam. I think spammers must send messages out with stolen return addresses to fool people into opening them.

Liberal Veteran Donating Member (1000+ posts) Thu Aug-21-03 08:32 AM
Response to Original message
2. I don't understand why....
Time after time after time people have gotten themselves infected with a virus because they open an unsolicited or unknown attachment and still they don't learn.


Atlant Donating Member (1000+ posts) Thu Aug-21-03 08:48 AM
Response to Reply #2
7. Virus/worm technology has progressed...
> Time after time after time people have gotten themselves infected
> with a virus because they open an unsolicited or unknown attachment
> and still they don't learn.

Virus/worm technology has progressed, helped along by Microsoft's
"ever helpful" software. Viruses now exist where simply previewing
a mail message (in Outlook or Exchange) can activate the payload.
Viruses exist where simply opening a web page in IE will deliver
the payload. Worms exist that use the remote-control features (i.e.,
"COM" and "DCOM") which are present on Windows systems and wide-open
on many users' systems.

It ain't just a question any more of stupid users ignorantly opening
infected mail attachments.

Think of it as "VirusWorld XP".

Then start "thinking different(ly)" about your choice of computer
software vendor.

Atlant

Liberal Veteran Donating Member (1000+ posts) Thu Aug-21-03 08:56 AM
Response to Reply #7
8. That's true (since I work for Microsoft, I know)....
...but sobig isn't one of those viruses.

Name removed Donating Member (0 posts) Thu Aug-21-03 08:59 AM
Response to Reply #8
9. Deleted message
Message removed by moderator.

Name removed Donating Member (0 posts) Thu Aug-21-03 09:08 AM
Response to Reply #9
10. Deleted message
Message removed by moderator.

Name removed Donating Member (0 posts) Thu Aug-21-03 09:54 AM
Response to Reply #10
12. Deleted message
Message removed by moderator.

Name removed Donating Member (0 posts) Thu Aug-21-03 09:56 AM
Response to Reply #12
13. Deleted message
Message removed by moderator.

Atlant Donating Member (1000+ posts) Thu Aug-21-03 10:17 AM
Response to Reply #13
14. .
> you are the first person in my ignore list.

As you wish.

Atlant

NJCher Donating Member (1000+ posts) Thu Aug-21-03 08:45 AM
Response to Original message
4. see this thread

LeftHander Donating Member (1000+ posts) Thu Aug-21-03 08:47 AM
Response to Original message
6. Homeland Security Infected Too
(I posted this in General Discussion earlier)

I got a bounced email from someone in US Customs. This was a result of the recent SO BIG.f Microsoft e-mail virus. Apparently the virus executed from someone's machine internal network IP (65.246.158.29) and the e-mail was sent by the Homeland Security email server mx2.mail.dhs.gov to a person in US Customs.

What happens is when the e-mail virus executes it gathers all the e-mail addresses it can find on the infected machine and then e-mails itself to all the addresses, spoofing the FROM: line with an address it finds. (Spoofing is the use of an e-mail address in the From line other than the actual sendee's.) Well, MY work address was picked up off of someone's machine at dhs.gov.

So what is homeland security doing with my email address?

If homeland security is supposed to keep us safe how secure can they be if a stupid Microsoft e-mail virus can easily infect them?

What about other viruses that randomly send files from the infected hard drive?

Wouldn't this put national security at risk??


Printer Friendly | Permalink |  | Top
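The bounces described in this thread can be checked rather than guessed at. As an added example (not part of the original thread), this Python code reads the headers a bounce returns and reports whether the rejected mail ever passed through your own outbound servers; the `OUR_OUTBOUND` range, the sample bounce and the function names are assumptions made up for illustration.

```python
import email, ipaddress, re
from email import policy

# Assumption: networks our outbound mail servers use (documentation range).
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]
HOP_IP = re.compile(r"\[([0-9.]{7,15})\]")
# Constructed bounce; its returned headers show the host that really sent the mail.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: alice@example.org
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Message rejected: virus detected.
--b1
Content-Type: text/rfc822-headers

Received: from HOME-PC (unknown [203.0.113.77])
 by mx.example.net with SMTP; Thu, 21 Aug 2003 07:12:01 -0400
From: alice@example.org

--b1--
"""

def returned_headers(bounce):  # rejected message's headers, as returned in the bounce
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def triage(raw_bounce, our_networks=OUR_OUTBOUND):
    """Return (verdict, hop IPs): did the bounced mail pass through our servers?"""
    original = returned_headers(email.message_from_string(raw_bounce, policy=policy.default))
    received = " ".join(map(str, original.get_all("Received", []))) if original else ""
    hops = []
    for text in HOP_IP.findall(received):
        try:
            hops.append(ipaddress.ip_address(text))
        except ValueError:
            continue  # garbled or forged address literal: ignore it
    if not hops:
        return "unknown", []  # nothing to judge from; do not guess
    ours = any(ip in net for ip in hops for net in our_networks)
    return ("sent-by-us" if ours else "backscatter"), [str(ip) for ip in hops]
```

A `sent-by-us` verdict is a reason to inspect the named host, not proof, because Received lines added before the reporting server can be forged.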
 
peacetalksforall Donating Member (1000+ posts) Thu Aug-21-03 09:39 AM
Response to Reply #6
11. If I were writing a 1984 novel
I would have the government launching a new super duper spy apparatus while in a blackout combined with a virus attack. There could be side benefits as well, you could find out if the blackout would allow the government the opportunity to place more people in jail or if the event could set off a killing spree or a virus spread. The object would be to determine if the event could result in a population decline with relief in the form of taking out people who are a drain on the system by taking, not giving. The virus attack could be programmed with the help of Microsoft to install spyware and more data for mining - in particular to identify 'dissidents'.

htuttle Donating Member (1000+ posts) Thu Aug-21-03 10:20 AM
Response to Reply #11
15. Since when...
...has the Bush administration shown themselves competent enough to accomplish such a thing?

What I'm expecting out of this is for several more governments to ban the use of Microsoft software for official tasks (as several in Latin America, Europe and China have already done).



Atlant Donating Member (1000+ posts) Thu Aug-21-03 10:26 AM
Response to Reply #15
16. They'd contract it out to any of the...
They'd contract it out to any of the nine zillion Windows
programmers, hackers, crackers, etc. who know all the ins-
and-outs of the Swiss Cheese.

I wonder if they were recruiting at DefCon 0xb a couple
of week-ends ago? :-)

Atlant