nanog mailing list archives

Weird virus activity from AOL user(s)


From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Sat, 10 Apr 2004 21:57:06 +0100 (BST)


Hi,
 I'm getting lots of viruses (few hundred to my personal address today), the
couple I checked appear to be the Sober-F virus based on the text.. the source
IPs from the headers are all AOL.

Strange thing is there is no virus, just the text and an attached file:
$ more Norton\ AntiVirus\ gel�scht1.txt 
Norton AntiVirus hat folgenden Anhang entfernt: corrected_text-file.pif.
Der Anhang  war mit dem Virus W32.Sober.F@mm infiziert.

This is a bit annoying as our scanners fail to find a virus and allow these 
thro.. so.. I'm doubting this is anything AOL have done themselves, there 
appears to be too many and from too many different IPs for them to be from a 
single user (altho they are from similar IPs suggesting the same blocks). I note 
the attachment suggests Norton AV but surely any virus scanner isnt stupid 
enough to find a virus and then still send out the email?

So whats going on then? :)

Steve



Current thread: