STORM2K

DON"T OPEN ANY EMAIL LIKE THIS!!!!

System Anti-Virus Ad... // Virus found in sent message "Re: That movie"

This was in the topic line!!! More later

Dear John,

A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host computer, then emails itself (using its own SMTP engine) to harvested email addresses from the victim's machine. In addition, when it propagates, the worm "spoofs" the "from: field", using one of the harvested email addresses.

Note: The worm copies itself onto the infected machine as: C:\WINNT\WINPPR32.EXE

Caution: An infected email can come from addresses you recognize and may contain the following information:

WHAT TO LOOK FOR:

Subject: [content varies]
- Your details
- Thank you!
- Re: Thank you!
- Re: Details
- Re: Re: My details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
- Re: That movie

Body: [content varies]
- See the attached file for details
- Please see the attached file for details

Attachment: [content varies]
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
- wicked_scr.scr
- movie0045.pif



Learn More about W32/Sobig.f@MM
Scan for W32/Sobig.f@MM



Subscribe to a full year of VirusScan Online for just $34.95 and get SpamKiller free*!

Learn More...


* After $30 mail-in rebate.
SpamKiller stops spam from polluting your inbox. SAVE $15, now only

That's part of the SoBig virus Johnathan. You're right though...Don't Open the Attachment. Road runner is blocking all of those coming in for me but I still get a message saying that they blocked it because of the virus.

Mine is on hotmail..but didn't look right!!!! After the email..I realized the term "RE: The Move" after getting the alert email from Mcafee... good thing I have good retention!!

Thanks for the alert Johnathan! Norton is crapping on me again so I have to be extra careful right now :o .

So far I've received three e-mails with SOBig from board members. The virus will only get on your system if you open the attachment! Be careful out there

So far, so good on Norton 2003 program!

(Sweatin' and fingers crossed!)

Thanks, Johnathan!

Yep, so far Norton is hanging in for me. They said this is the fastest spreading virus yet. When will this end?

I have Norton 2002 with updates on my PC in general, and McAfee scanning my home server and Hotmail inboxes...both have done well in quaranteeing and deletion of the 60+ E-mails I've received with this SoBig.F version.

The attacks have subsided for now...but, there's always tomorrow!

I have received over 75 of these e-mails in my Hotmail account. I have closed this account as of yesterday because I can't deal with the hours of deletion it is taking to keep all the terrible junk mail out so I can read the two or three e-mails from friends and colleagues.

I have Norton AntiVirus 2001 - but with the LiveUpdate, which I don't know what it does...but I'm hoping it catches it if it comes! :o Thanks for the alert Johnathan!

Well I just checked my home email here from work via my isp server - I had over 60 emails with the sobig virus. I deleted everyone one of them from the internet side - haven't been opened at home yet. My isp be caught 50 of them and sent me notice saying I was send a virus. With my ISP and my McAfee virus protection - I am hoping I am protected.

This one is bad Folks.

Thanks Johnathan for the heads up!

That's what I was seeing on Monday night in my e-mail - I'd say 70 of the 80 e-mails I received had something to do with that virus. Prodigy did send me an e-mail stating that they blocked others that tried to come through that had the Sobig virus on it.

I'm being hit right and left too! Thank you RR!!!! Plus I have a firewall on my comp!!! plus Mcafee!! My McAfee hasn't caught anything of late, but I presume that is because of the excellent job RoadRunner does and the firewall. DEFINITELY A BAD ONE FOLKS! I've gotten at least one notice saying I sent one, but I don't even trust the notice.

Same thing here David - I'm getting an aol notice that I sent one - I have no one in my address box with the name timebomb - and my computer has been shut down and turned off at home since 6:00 a.m. this morning.

I don't know what's going on....this is a bad one...they need to find who did this and lock them up for life.

Running through Phoenix, too. Sobig is doing its thing. Not terrible volatile here, but a nuisance nonetheless.

I'm cleaning the computer daily with Norton...which says I don't have the virus...just the effects of it.

Have had trojan horse viruses a couple of times before. The Sobig is pesky.

My grandma has the virus and thankfully, she is aware that the virus has attacked her computer....she is working with Nortons right now to end the harmful effects of the Virus.

Goodness!! Headlines at Drudge:

NY TIMES SHUTS DOWN COMPUTER SYSTEMS...
Infected PCs await orders from hacker...
Virus Expanding Its Reach...


When will this end???

I have been lucky so far. I haven't had a single contaminated email. *crosses fingers*

I thought the only way the virus could get into your computer is if you opened the attachment.

How would you know if you got the virus? Does anyone know what the computer does with this virus upon being infected?

Lindaloo wrote:I thought the only way the virus could get into your computer is if you opened the attachment.

How would you know if you got the virus? Does anyone know what the computer does with this virus upon being infected?

Viruses and worms find there way onto your PC any number of ways. E-mail is one of the more prevelant (and easiest to prevent) ways. With the expansion of full time internet access, (DSL / Cable) there are an increasing number of direct attacks via internet worms. Worms usually target PC's unprotected by a properly configured firewall. A worm is usually the carrier of what's called a payload. The payload is another program that can be everything from "Spyware" to another virus. It's a dangerous world anymore on the internet.