Annoy and crash...
Sobig and Blaster Worms Killing Me!
-
ah.. the joys of accessing one's mail through a unix telnet session and being too lazy to even keep an address book anyways :)
one thing that makes me curious is why the hell program it to expire? Hell, if I were behind it I would have let this run forever... sure technology should evolve to stop it but it's still more fun, I would think, to let it run wild for as long as possible.
-
The MSBlaster and its variants were designed as a denial of service attack on Microsoft's web site directly, the author even stated so in the virus' code... "why does microsoft allow this kind of stuff to continue to happen?"
The SoBig.f is a member of the W32 worm family, which is a self-replicating worm using SMTP mail address folders; it spoofs "from" addresses to make the message look legit. Yes, it does stop mass mailing on Sept 10th, but the system that is infected will continue to try to download code updates from the master server list, so it has the potential to start right back up based upon new information it receives from the Internet. The sooner you nuke this one, the better.
-Evil Bob
-
here ya go, to help out the ladies at AGD
What is it?
Use these to check for the sobig worm
McAfee:
Symantec:
And you should run Windows update to keep it from coming back.
http://windowsupdate.microsoft.com
-
well until today I hadn't got a single "so and so tried to send you a VIRUS!!!" email from my mailserver.....but today in a 6 hour span....I got 80!!! LOL....
this is on my main account..that very few have...a lot seemed to stem from paintball sites...so I'm guessing it's from one of the mailing lists I'm on...arrg....
anyway...yes it is great to have a few remote unix shell accounts that offer mail service...eheh..
oh and most virii codes are designed to affect the NT/XP/ETC. windoze platform now it seems....so the 98/*nix users like myself...and it seems several others here....are quite less of a target....gotta love having all those Windows and Gates for virii to enter through dont cha? ehehe
-Jim "CodeMA" Brown
Fire 'N Squad
http://www.diatribepaintball.com
http://www.whatispaintball.com
http://www.fmxpaintball.com
http://www.officialpaintball.com
-
Best defense I've come up with so far is get your e-mail addresses off the web wherever you can. Several of these virii obtain their target or forged return addresses from web caches. Just pulling WARPIG's main e-mail address off the footer of the pages dropped general spam and worm messages to that address from over 2,000 a day to usually less than 800.
Bit by bit I'm converting any online references for folks to e-mail me into feedback forms, and changing the addresses to which they feed as the spam and worm loads get too high.
See you on the field,
-Bill Mills
Computer / Paintball geek
Technical Editor, World And Regional Paintball Information Guide - http://www.WARPIG.com
Producer, Paintball Television - http://www.PigTV.net
Paintball, Motocross trail riding, SCUBA, climbing, surfing, R/C aircraft, fun stuff...
-
I just went through this myself. Luckily it was at home and not at work where it would cripple us.
You will have to do a reverse lookup of the originating IP number and narrow it down to a domain. Then send a request to that domain's abuse department to block that user and send them a warning to fix the problem.
I was able to fix my problem because it was a friend that had the worm, and after I saw the domain I knew just who it was. Luckily again it was not a huge domain like AOhell, MSN or Earthlink. That would have been MUCH harder to do myself.
Just FYI, the payload of this worm is a Trojan that gets downloaded and also sends critical data. It is not a harmless "crash and annoy" style virus, but it is easy to kill.
Too many stupid computer users out there that make life hell for the rest of us.
-
Lamby, you're right. After looking up the IP number in the header, you can take it to http://www.samspade.org and find out who owns it, then report to them. Sometimes it helps, sometimes it doesn't. I solved my problem at home doing this because 99% of the Sobigs I was getting there came from the SAME IP address. But this is not the case at my work email, and because I'm still recuperating from surgery, I'm not actually in the office much. And when I am there, my first priority just can't be tracking down IP addresses!
I've already suggested to management that my email address may have to be closed down - I'm the ONLY one who is getting bombed because my address is much more public than anyone else's.
Thanks to Heat for publishing the resources in a single place! Hope everybody on AO who uses a PC will take advantage of his post to check their PCs out and clean them up if need be.
Marcia
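A way to do the header triage Lamby and Marcia describe, as an added example that is not from any poster in this thread: it reads the originating IP from the Received line the receiving mail server itself wrote (the one hop the sender could not forge), then counts hits per IP across a batch of worm messages so the dominant source stands out. The server name mx.example.org and the sample messages are constructed; the reverse lookup and the abuse report are done separately, for instance with the samspade.org lookup mentioned above.

```python
import re
from collections import Counter
from email import message_from_string

# Hypothetical name of the receiving mail server; the Received line it writes is the
# only one the sending host could not have forged.
MX = "mx.example.org"

# Constructed sample messages (documentation-range IPs, not headers from the thread).
# In the second one the worm stuffed a fake Received line and a forged From: below
# the line our MX added, which is exactly why the From: address cannot be trusted.
SAMPLES = [
    "Received: from office-pc (dsl-45.isp.example [192.0.2.45])\n"
    "\tby mx.example.org with SMTP id A1; Sat, 23 Aug 2003 10:01:00 -0400\n"
    "From: friend@example.com\nSubject: Re: Details\n\nYour details\n",
    "Received: from office-pc (dsl-45.isp.example [192.0.2.45])\n"
    "\tby mx.example.org with SMTP id A2; Sat, 23 Aug 2003 10:02:00 -0400\n"
    "Received: from mail.example.net [203.0.113.9] by office-pc with SMTP\n"
    "From: bill@example.com\nSubject: Thank you!\n\nPlease see the attached file\n",
    "Received: from laptop (cable-7.other.example [198.51.100.7])\n"
    "\tby mx.example.org with SMTP id A3; Sat, 23 Aug 2003 10:05:00 -0400\n"
    "From: marcia@example.com\nSubject: Your application\n\nSee attached\n",
]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def originating_ip(raw, mx=MX):
    """IP of the host that connected to our MX, taken from the Received line our MX wrote.
    MTAs prepend Received lines, so the first 'by <mx>' line from the top is ours;
    anything below it (and the From: header) was supplied by the sending host."""
    msg = message_from_string(raw)
    by_mx = re.compile(r"\bby\s+" + re.escape(mx) + r"\b")
    for received in msg.get_all("Received", []):
        hop = by_mx.search(received)
        if hop:
            m = IP_RE.search(received[:hop.start()])  # IP sits in the 'from' clause
            return m.group(1) if m else None
    return None

def source_report(messages, mx=MX):
    """Count worm messages per originating IP; the top entry is the one to look up
    (reverse DNS / whois) and report to that network's abuse contact."""
    counts = Counter()
    for raw in messages:
        ip = originating_ip(raw, mx)
        if ip:
            counts[ip] += 1
    return counts.most_common()
```

Feed it the raw text of the bounced or worm messages, e.g. `source_report(SAMPLES)`, and the first entry of the returned list is the IP worth chasing.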
-
You're welcome. And I appreciate being noticed.
Originally posted by AGD-OfficeGal:
Lamby, you're right. After looking up the IP number in the header, you can take it to http://www.samspade.org and find out who owns it, then report to them. Sometimes it helps, sometimes it doesn't. I solved my problem at home doing this because 99% of the Sobigs I was getting there came from the SAME IP address. But this is not the case at my work email, and because I'm still recuperating from surgery, I'm not actually in the office much. And when I am there, my first priority just can't be tracking down IP addresses!
I've already suggested to management that my email address may have to be closed down - I'm the ONLY one who is getting bombed because my address is much more public than anyone else's.
Thanks to Heat for publishing the resources in a single place! Hope everybody on AO who uses a PC will take advantage of his post to check their PCs out and clean them up if need be.
Marcia
You a Babylon 5 fan? I just got done watching it.
-
Thank god I use a Mac!
Hey PC people, G5s in stock when you're ready to switch from the dark side.