Full Disclosure mailing list archives
RE: SoBig.F strange problem
From: "Risser, Nathan \(BLM\)" <nathan.risser () express-scripts com>
Date: Tue, 19 Aug 2003 15:41:56 -0500
It would seem to me that someone who has your email address is infected with the worm. ---------------------------------
From Symantec's W32.Sobig.F page:
W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions: .dbx .eml .hlp .htm .html .mht .wab .txt The worm utilizes it's own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares. --------------------------------------- Nate -----Original Message----- From: Scott Phelps / Dreamwright Studios [mailto:scottp () dreamwright com] Sent: Tuesday, August 19, 2003 2:01 PM To: full-disclosure () lists netsys com Subject: [Full-disclosure] SoBig.F strange problem All day today I've been getting copies of SoBig.F. I've gotten around 150 copies so far, and a large number of postmaster bounces saying that a copy sent from my address was undeliverable. I know that SoBig forges the from address from files it finds on the victims machine, but I can't for the life of me figure out why I'm the attempted victim for so many other copies. I'm not infected with the virus, I'm running antivirus that strips the attachment before it lands in my inbox, and I'm running a version of outlook that disallows the attachment extensions that SoBig uses. I've run manual scans on all of my machines, in case of infection through a network share, but I don't have any of those from outside either. All the emails seem to be coming from different places, but around 90% are using a from address of @msu.edu. Is there some logical explanation why I'm being singled out here? My antivirus is driving me insane with popups, so I've had to shut down my mail program to get some work done. I'm sorry for the off topic nature of this question, but this makes no sense to me! Scott ******* Confidentiality Notice ******* This email, its electronic document attachments, and the contents of its website linkages may contain confidential health information. This information is intended solely for use by the individual or entity to whom it is addressed. If you have received this information in error, please notify the sender immediately and arrange for the prompt destruction of the material and any accompanying attachments. ******* Avis de confidentialite ******* Ce courriel ainsi que tout document y etant joint de meme que le contenu des liens vers des sites Web peuvent reunir des renseignements confidentiels sur la sante. Cette information s'adresse uniquement a l'usager ou a l'organisation auxquels elle est destinee. Si vous avez recu ce message par erreur, veuillez en aviser l'expediteur immediatement et proceder a la suppression du document et des fichiers joints sans tarder. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: SoBig.F strange problem, (continued)
- RE: SoBig.F strange problem Bojan Zdrnja (Aug 20)
- RE: SoBig.F strange problem Ben Nelson (Aug 20)
- RE: SoBig.F strange problem JT (Aug 19)
- Re: SoBig.F strange problem Anthony Saffer (Aug 19)
- Re: SoBig.F strange problem Stephen Clowater (Aug 20)
- Re: SoBig.F strange problem felix . roennebeck (Aug 20)
- Re: SoBig.F strange problem Joseph L. Hood (Aug 19)
- RE: SoBig.F strange problem Rainer Gerhards (Aug 19)
- RE: SoBig.F strange problem Denis Dimick (Aug 19)
- RE: SoBig.F strange problem Boyer Kristy (Aug 19)
- RE: SoBig.F strange problem Risser, Nathan (BLM) (Aug 19)
- RE: SoBig.F strange problem Bassett, Mark (Aug 19)
- RE: SoBig.F strange problem Nick FitzGerald (Aug 19)
- RE: SoBig.F strange problem Ferris, Robin (Aug 20)
- RE: SoBig.F strange problem Schmehl, Paul L (Aug 20)
- Re: SoBig.F strange problem Stephen Clowater (Aug 20)
- Re: [fd] Re: SoBig.F strange problem Mike Vasquez (Aug 20)
- Re: SoBig.F strange problem Nick FitzGerald (Aug 20)
- RE: SoBig.F strange problem Bassett, Mark (Aug 20)
- RE: SoBig.F strange problem Dowling, Gabrielle (Aug 20)