Author Topic: W32.Sobig.F@mm virus (Read 494 times)

Eagler · « **on:** August 20, 2003, 06:22:54 AM »

had over 300 emails before I left for work with this thing in it ...

you now how long Norton AV takes to step through 300 infected emails?

whats the story with this thing?

Roscoroo · « **Reply #1 on:** August 20, 2003, 01:13:44 PM »

http://www.trendmicro.com/vinfo/vir...SOBIG.F&VSect=T

you can read about it in the url i posted ... its a older virus that can be very malicous and keeps getting reborn in a little different form . your safe as long as you dont open/run an email that has it in it. the worst part is its one of those mass emailing virus's like the klez worm and just as destructive or even more.

Eagler · « **Reply #2 on:** August 20, 2003, 02:12:20 PM »

where does it get the return address from? seems like it copied from my address book as many are valid email addresses

Skuzzy · « **Reply #3 on:** August 20, 2003, 02:22:25 PM »

Address books is what it pilfers, for sending and using as a return address.

This is a nasty bugger. Stealing Internet bandwidth at a horrific rate and typing up email servers at a faster rate. Basically, this thing is mounting a DOS attack on the Internet adn is being somewhat successful.

Many of our players have this virus and probably do not know it.

Eagler · « **Reply #4 on:** August 20, 2003, 02:27:26 PM »

so I have to be infected if it is using addresses from my address book as return addy's?

read to check for a certain line in the registry- I did not see it so I thought I was clean.

running AV scan now but slow with 4 big drives

Skuzzy · « **Reply #5 on:** August 20, 2003, 02:39:47 PM »

No Eagler, it could have gotten the return address from someone you know that has your address in their address book.

boxboy28 · « **Reply #6 on:** August 21, 2003, 07:44:51 AM »

hey im getting returned demon mailers (that i didnt send out) with the titles that, that worm sends out does that mean im infected?

Shane · « **Reply #7 on:** August 21, 2003, 07:52:04 AM »

if the "sent to" is from your address book, possibly, if not, then someone who has *you* listed in their address book is.

i was getting this week and half ago... figured it was a guy who had my addy on his mail list for softball since i came up clean for any worm and had already patched that exploit about a month prior.

boxboy28 · « **Reply #8 on:** August 21, 2003, 07:54:15 AM »

must be ive got my PCcillian upto date and cant find those files in my registry.

Eagler · « **Reply #9 on:** August 22, 2003, 11:53:47 AM »

latest news on this virus:

Global Race Against the Clock to Beat Sobig Virus

Aces High Bulletin Board

Author Topic: W32.Sobig.F@mm virus (Read 494 times)

Eagler

W32.Sobig.F@mm virus

Roscoroo

W32.Sobig.F@mm virus

Eagler

W32.Sobig.F@mm virus

Skuzzy

W32.Sobig.F@mm virus

Eagler

W32.Sobig.F@mm virus

Skuzzy

W32.Sobig.F@mm virus

boxboy28

W32.Sobig.F@mm virus

Shane

W32.Sobig.F@mm virus

boxboy28

W32.Sobig.F@mm virus

Eagler

update