h2g2 The Hitchhiker's Guide to the Galaxy: Earth Edition

Every time a new email virus spreads itself across the net, I very rarely seem to get any copies in my inbox.

Is this because I have lots of very security-conscious email contacts or have I just been lucky? I personally never open an attachment - even if comes from someone I know I won't open it if they don't tell me what it is in the body of the mail, I'll mail them for confirmation.

Also, I never use my address book - I keep all my contact addresses in a text file and just cut'n'paste when I need one. If a virus looks for contacts in my address book it won't find any.

Has anyone here found an inbox full of Sobig emails this week?

Over a hundred and counting

I'm a zilch man too.

No sign for me either.

I'm starting to feel left out from the hysteria.


Geggs

Well if you like, you can leave me your e-mail addresses and I'll happily let you have some of mine

I've never gotten an email with a virus.

I've just received an e-mail from our tekkies with an anti-virus update which I've just installed. Do you think they're watching me on hootoo, or is it just spooky

I haven't received any - I think our IT people screen them out, as does BT on my home account. However, some bright spark with me in their address book did get infected, and it used my emial address as the "from" address, so I've had lots of mails bounced back. Mildly annoying, and a bit worrying to start with...

Otto

Moonglum got loads at work, but they were screened out luckily, hes IT manager at Granada TV.

I think I got one from Ryanair, but I deleted it, as it looked very suspicious. Its not too difficult to avoid, install anti-virus software and don't open any attachment unless you are very sure about its origines.

So you got a whole heap GD? Did they not send themselves out from your box cos I never got one from you.

Ok, seems there's a few people around here that are fairly technically minded...

So, on the subject of the Sobig virus...

I've been getting literally hundreds of mails, from people I've never heard of... with one of two text messages... either

"Have detected a virus (WORM_SOBIG.F) in your mail traffic on 08/22/2003 17:18:19 with an action deleted"

or a longer one...


------- Virus Warning Message (on Completel relay)

Found virus WORM_SOBIG.F in file your_details.pif
The uncleanable file is deleted.

If you have questions, contact administrator.

--------------------------------------------------

See the attached file for details

--------------------------------------------------

-------- Virus Warning Message (on Completel relay)

your_details.pif is removed from here because it contains a virus.

---------------------------------------------------


Now, will someone please explain to a thicko... is this

1) my computer sending out viruses and other peoples automated systems picking them up (there's nothing appearing in my 'messages sent' box)

or

2) Someone inadvertantly sending me the virus and my ISP picking it out before it gets to me?


I've run the latest Norton update on every single computer in the office and have even run their security patch... nothing seems to have turned up on our computers but I've had over 100 of these today

I think the same thing has happened to you as happened to me.

Someone you know had their computer infected, and the virus (for some reason) selected your name as the spoof "from" line, and forwarded the email to everyone else in the address book. So the bounced emails come back to you. If your name begins with "A", then it might have been at the top of the address list, and therefore the one chosen.

The thing to do is to have a look at the header and see where the original message came from, just to make sure that it wasn't from you. You can do this at spamcop.net

I'm not very technically minded, so if anyone knows more about this, listen to them!

Otto

What Otto said is right. According to both my ISP and tech support at work, there's not really much you can do about this. I have my computer set to block all those emails now, as they're so annoyingly huge.

My computer has *received* loads of infected emails, but has not been infected -- the joys of good spam filters, antivirus software, and a decent firewall. My other computer has the advantage of being a mac running non-Microsoft email software, and has never been infected with anything, and probably never will be -- very few viruses out there today can do diddly squat with a mac.


Mikey

Gosho, I'm not infected, but certain of e-mail addresses are well known out there and are getting stuff sent to them.

sounds about right... _all_ our business is carried out by e-mail, so we're on the mailing list of at least 600 customers... plus the fact our email address is published on the web

I'll try setting up a spam filter to get rid of them all.

The reason that no messages appear in you sent items and yet you machine still sends the mail is because SOBIG has its own built in email system.

All email passes through your ISP, which means they can check it for certain things as it passes by. SOBIG, as an example, is easily recognisable, but mistakes can be made so a message is sent to you to let you know that you would have had a message but it's been destroyed, so that you can check with the sender whether it was junk or valid.

Hope that helps.

... oh I forgot to mention. If you haven't received lots of emails with or without the virus attached, it could mean that you don't have any friends.

<>

The war of the worms is being waged on our computers,



LoveSAN/MSBlaster This worm is unique in that one can get it from just being online, and already it is estimated that over 1.4 million computers have been affected. It’s been announced that new versions of the MSBlaster virus have been released. . "In other words, all computers infected by the original "Lovesan" will soon be attacked by its revamped versions At 4 a.m. Friday infected computers from the Asia-Pacific region will start flooding Microsoft's Windows Update site. As successive time zones reach midnight on Friday, the attack will grow.


But Now as a newly released beast attempts to slither into unprotected systems and pluck last week's worm from infected machines. After removing its predecessor MSBlaster. the new worm, which -- just to add to the confusion -- has been dubbed WORM_MSBLAST.D, Nachi and Welchia by various security and antivirus firms, then politely patches the machine against the vulnerability that MSBlaster exploited When the main service routine is launched, W32/Nachi-A checks for the existence of the process name and the filename of W32/Blaster-A. If the process exists W32/Nachi-A attempts to terminate it and to remove the file.W32/Nachi-A removes itself from the system if the system date is 1 January 2004 or later.



Are Coderhoods the new robinhoods of the techno age

Is this good or Bad?

Who will win this war? (GM-Blaster or Nachi-A)

What will we learn for this lesson?

Any one with new news on the subject

well i certainly don't have any friends than

except for good ol' prorev1 AT yahoo DOT com who keeps sending me links to ecards in arabic again and again and again which have "just a suggestion" in them but i don't know what the suggestion is! then i get the ol' bounceback messages...

we have norton and haven't really had any problems at all. but then i don't open attachments, or even emails, from people i generally don't know, and i have a relativaly new email address which doesn't get much spam yet as my main address now. my hotmail address gets a vast array of offers and another address that i have only ever gets spam related to Nigerian business proposals

span