Aces High Bulletin Board

General Forums => Hardware and Software => Topic started by: Eagler on August 20, 2003, 06:22:54 AM

Title: W32.Sobig.F@mm virus
Post by: Eagler on August 20, 2003, 06:22:54 AM

had over 300 emails before I left for work with this thing in it ...

you now how long Norton AV takes to step through 300 infected emails?

whats the story with this thing?

Title: W32.Sobig.F@mm virus
Post by: Roscoroo on August 20, 2003, 01:13:44 PM

http://www.trendmicro.com/vinfo/vir...SOBIG.F&VSect=T  (http://www.trendmicro.com/vinfo/vir...SOBIG.F&VSect=T )

you can read about it in the url i posted ... its a older virus that can be very malicous and keeps getting reborn in a little different form . your safe as long as you dont open/run an email that has it in it.   the worst part is its one of those mass emailing virus's like the klez worm and just as destructive or even more.

Title: W32.Sobig.F@mm virus
Post by: Eagler on August 20, 2003, 02:12:20 PM

where does it get the return address from? seems like it copied from my address book as many are valid email addresses

Title: W32.Sobig.F@mm virus
Post by: Skuzzy on August 20, 2003, 02:22:25 PM

Address books is what it pilfers, for sending and using as a return address.

This is a nasty bugger.  Stealing Internet bandwidth at a horrific rate and typing up email servers at a faster rate.  Basically, this thing is mounting a DOS attack on the Internet adn is being somewhat successful.

Many of our players have this virus and probably do not know it.

Title: W32.Sobig.F@mm virus
Post by: Eagler on August 20, 2003, 02:27:26 PM

so I have to be infected if it is using addresses from my address book as return addy's?

read to check for a certain line in the registry- I did not see it so I thought I was clean.

running AV scan now but slow with 4 big drives

Title: W32.Sobig.F@mm virus
Post by: Skuzzy on August 20, 2003, 02:39:47 PM

No Eagler, it could have gotten the return address from someone you know that has your address in their address book.

Title: W32.Sobig.F@mm virus
Post by: boxboy28 on August 21, 2003, 07:44:51 AM

hey im getting returned demon mailers (that i didnt send out) with the titles that,  that worm sends out does that mean im infected?

Title: W32.Sobig.F@mm virus
Post by: Shane on August 21, 2003, 07:52:04 AM

if the "sent to" is from your address book, possibly, if not, then someone who has *you* listed in their address book is.

i was getting this week and half ago... figured it was a guy who had my addy on his mail list for softball since i came up clean for any worm and had already patched that exploit about a month prior.

Title: W32.Sobig.F@mm virus
Post by: boxboy28 on August 21, 2003, 07:54:15 AM

must be ive got my PCcillian upto date and cant find those files in my registry.

Title: update
Post by: Eagler on August 22, 2003, 11:53:47 AM

latest news on this virus:

Global Race Against the Clock to Beat Sobig Virus (http://story.news.yahoo.com/news?tmpl=story&cid=569&ncid=578&e=2&u=/nm/20030822/tc_nm/tech_internet_virus_dc)