Author Topic: Got sent 176 copies of Sober.X this morning...  (Read 404 times)

Offline Seagoon

« on: December 05, 2005, 10:09:03 AM »
Hi Guys,

Just a heads up, this morning out of a little over 250 emails, no less than 176 were copies of W32.Sober.X sent to me by different mailers in the last 24 hours. Looks like a major virus flood.

Both AVAST (freeware) and Norton AV spot the virus in incoming mail.

- SEAGOON
SEAGOON aka Pastor Andy Webb
"We have no government armed with power capable of contending with human passions unbridled by morality and religion... Our Constitution was made only for a moral and religious people. It is wholly inadequate to the government of any other." - John Adams

Offline Fishu

« Reply #1 on: December 05, 2005, 10:15:49 AM »
I'm only getting news of Chinese stocks and cheapo OEM software addys.. as if I couldn't get just as legal and cheaper versions by downloading 'em over the internet.

I hope the guy behind those gets shot just like the Russian spammer.

Offline Delirium

« Reply #2 on: December 05, 2005, 12:56:52 PM »
I've been getting about 1 every 5 days for the last 2 1/2 weeks. One of them was the one that spoofed the FBI e-mail addy. Ended up wasting 5 minutes of my time and actually reported it to the FBI.

No big deal, I don't open attachments 99% of the time, even if they are 'clean'.

------------------

From: Mail@fbi.gov  
To: *edited out*
Date: Sun, 27 Nov 2005 17:19:46 GMT
Subject:  Your_IP_was_logged
   
Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:
Please answer our questions!
The list of questions are attached.


Yours faithfully,
Steven Allison



*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000

Attachments: list.zip (54k)
Delirium
80th "Headhunters"
Retired AH Trainer (but still teach the P38 selectively)

I found an air leak in my inflatable sheep and plugged the hole! Honest!

Offline Octavius

« Reply #3 on: December 05, 2005, 01:00:11 PM »
hehe, I just got one from the CIA, Del!
octavius
Fat Drunk BasTards (forum)

"bastard coated bastards with bastard filling?  delicious!"
Guest of the ++Blue Knights++

Offline Delirium

« Reply #4 on: December 05, 2005, 01:01:11 PM »
Oh, I almost forgot... one of the ones I received was actually from my own ISP's automated failed message delivery system saying that an e-mail addy bounced. I came close to opening that one for obvious reasons.

Offline Vulcan

« Reply #5 on: December 05, 2005, 02:42:24 PM »
If you run your own mail servers, put an SMTP response delay in; it kills most spam and virus sources dead.

Oh, and try this out: http://www.trustedsource.org

Try putting your mail domain in the link up the top and then drill down on your IPs for your rating.
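
The SMTP response delay suggested in the post above, shown as an added example (not part of the original thread and not any mail server's own code): the server holds back its 220 greeting for a few seconds and rejects any client that sends data before the greeting arrives, which is what bulk mailers and worm SMTP engines often do. The host name, port, delay and reply text are assumptions chosen for illustration.

```python
import select
import socket

BANNER = b"220 mail.example.test ESMTP\r\n"  # hypothetical host name
REJECT = b"554 5.5.1 Protocol error: spoke before greeting\r\n"


def greet_with_delay(conn, delay_seconds=5.0):
    """Hold back the 220 greeting; reject a client that sends anything first.

    Returns "early-talker" if the client sent data (or hung up) during the
    delay, otherwise "greeted" once the banner has been sent.
    """
    # SMTP clients must wait for the server greeting before sending commands.
    # select() reports the socket readable if the client sent data or closed
    # the connection before the delay expired.
    readable, _, _ = select.select([conn], [], [], delay_seconds)
    if readable:
        try:
            conn.sendall(REJECT)
        except OSError:
            pass  # the client already disconnected
        return "early-talker"
    conn.sendall(BANNER)
    return "greeted"


def serve(host="127.0.0.1", port=2525, delay_seconds=5.0):
    """Accept connections one at a time and apply the greeting delay.

    Serial handling keeps the example short; a real server would handle
    each connection concurrently so the delay does not block other clients.
    """
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            with conn:
                verdict = greet_with_delay(conn, delay_seconds)
                print(peer[0], verdict)
                # A real MTA would continue the SMTP dialogue for "greeted".


if __name__ == "__main__":
    serve()
```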

Offline nirvana

« Reply #6 on: December 05, 2005, 05:19:03 PM »
If I ever find a hacker/spammer/ virus writer his brains are as good as gone.  I'm gonna be the haxxor leet fight0r
Who are you to wave your finger?

Offline Fishu

« Reply #7 on: December 06, 2005, 04:04:54 AM »
Quote
Originally posted by nirvana
If I ever find a hacker/spammer/ virus writer his brains are as good as gone.  I'm gonna be the haxxor leet fight0r


My hero :aok

Except THE hackers aren't bad, they do no harm.
It's the other group of people that do...  media has just used a wrong term and now people have wrong ideas of it.

Offline Seagoon

« Reply #8 on: December 06, 2005, 09:41:28 AM »
50 or so more copies of Sober this morning. And yup, CIA, FBI, AOL, spoof addresses abounded.

Here's a little background from ZDNet. Apparently it also stalled Hotmail last week, which presents me with a dilemma. Can a worm that attacks Microsoft be entirely malicious? :p

Sober storms charts as month's biggest attack
By Alorie Gilbert, CNET News.com


Malicious messages that purport to be from the FBI, CIA or Paris Hilton generated the vast majority of virus-laden e-mail traffic in November, according to security companies.

The e-mails carry a new variant of the Sober worm in an attachment which, when opened, infects the recipient's computer. The worm then attempts to disable antivirus programs and send copies of itself to any e-mail addresses found on the hard drive.

The Sober worm still accounts for close to 43 percent of all viruses being reported to the British antivirus firm Sophos. At its peak, it accounted for one out of every 13 e-mails relayed over the Internet, the group said on Wednesday.

As the most widespread variant since Sober first appeared about two years ago, the new offshoot has threatened to overwhelm e-mail servers and slow message delivery, Sophos said. Postini, another computer security firm, estimates that the latest Sober outbreak is twice as large as the biggest previous attack.

Infected e-mails carry a variety of messages. One claims to be a message from the FBI or CIA. It informs recipients that they've visited illegal Web sites and instructs them to answer questions in the e-mail's attachment. Another promises video clips of socialites Paris Hilton and Nicole Richie, while a German version references that country's version of the TV show "Who Wants To Be A Millionaire."

"Mocking the feds is a sure-fire way of goading the authorities, and you can't help but wonder whether the author is desperate to be caught," Carole Theriault, senior security consultant at Sophos, said in a statement.

Sophos also reported that close to 3 percent of all e-mails, or one in 38, contain viruses. The firm collects data from a global network of monitoring stations.

Offline wrag

« Reply #9 on: December 06, 2005, 10:13:52 AM »
:D

Love my ISP.  Extremely rare for a virus to come through as they prescreen it all for just that.
It's been said we have three brains, one cobbled on top of the next. The stem is first, the reptilian brain; then the mammalian cerebellum; finally the over developed cerebral cortex.  They don't work together in awfully good harmony - hence ax murders, mobs, and socialism.