One of the most active virus's ever? - GoFuckYourself.com

pr0 · 08-20-2003, 09:45 PM

Its gotta be, why is the media keeping this so under wrap? I mean seriously this is causing some major issues all over. I never get this many virus's in my box, in my free accounts that are unlisted & everything, so its not just a web collect virus.

Anyone have the specs on this little monster of a creation?

goBigtime · 08-20-2003, 09:46 PM

it is (the most active ever).

KRL · 08-20-2003, 09:46 PM

W32/Sobig.f@MM

A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host computer, then emails itself (using its own SMTP engine) to harvested email addresses from the victim's machine.
In addition, when it propagates, the worm "spoofs" the "from: field", using one of the harvested email addresses. So exercise care when opening emails with attachments. An infected email can come from addresses you recognize.

Because it sends so many emails, a worm like Sobig also saps bandwidth and slows network performance. Worse, it can also open up a user's computer port, making it vulnerable to hackers, who can plant dangerous Trojans. These malicious programs often let unauthorized users remotely take over a system, steal personal information or use the infected PC to send spam.

What are the common subject lines, attachment names and message content associated with W32/Sobig.f@MM emails?

Subject: Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
Re: That movie

Attachment: your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

Body:
See the attached file for details
Please see the attached file for details

How do you know if you've been infected?

The worm copies itself onto an infected machine as:
C:\WINNT\WINPPR32.EXE

goBigtime · 08-20-2003, 09:47 PM

Klez was the most active at 1 in every 125 emails...
this thing is 1 in every 17.

Sais this article:

http://news.yahoo.com/news?tmpl=stor...1134&printer=1

pr0 · 08-20-2003, 09:47 PM

this thing is really raising the bar on virus's, i'd hate to see the 10,000 variations that will come out over the next year

these coding fools need to take a break...

Theo · 08-20-2003, 09:48 PM

most probably it is
i have seen similar things in the past,receiving tons of virus emails,but this time it happens across all my email accounts,not just 1 or 2. This shit seems to be everywhere.

pr0 · 08-20-2003, 09:50 PM

Party Goat is getting pissed, he hasn't been able to filter through all the crap to correspond with his cousin in slovokia.

Theo · 08-20-2003, 09:50 PM

great, more viruses outbreak

"Due to an increase in submissions, Symantec Security Response has upgraded W32.Welchia.Worm to Category 4, as of 6:00pm Monday, August 18, 2003. "

08-20-2003, 09:45 PM	#1
pr0 rockin tha trailerpark Industry Role: Join Date: May 2001 Location: ~Coastal~ Posts: 23,088	One of the most active virus's ever? Its gotta be, why is the media keeping this so under wrap? I mean seriously this is causing some major issues all over. I never get this many virus's in my box, in my free accounts that are unlisted & everything, so its not just a web collect virus. Anyone have the specs on this little monster of a creation? __________________ __________ Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

08-20-2003, 09:46 PM	#3
KRL Entrepreneur Join Date: Oct 2002 Location: USA Posts: 31,429	W32/Sobig.f@MM A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host computer, then emails itself (using its own SMTP engine) to harvested email addresses from the victim's machine. In addition, when it propagates, the worm "spoofs" the "from: field", using one of the harvested email addresses. So exercise care when opening emails with attachments. An infected email can come from addresses you recognize. Because it sends so many emails, a worm like Sobig also saps bandwidth and slows network performance. Worse, it can also open up a user's computer port, making it vulnerable to hackers, who can plant dangerous Trojans. These malicious programs often let unauthorized users remotely take over a system, steal personal information or use the infected PC to send spam. What are the common subject lines, attachment names and message content associated with W32/Sobig.f@MM emails? Subject: Your details Thank you! Re: Thank you! Re: Details Re: Re: My details Re: Approved Re: Your application Re: Wicked screensaver Re: That movie Re: That movie Attachment: your_document.pif document_all.pif thank_you.pif your_details.pif details.pif document_9446.pif application.pif wicked_scr.scr movie0045.pif Body: See the attached file for details Please see the attached file for details How do you know if you've been infected? The worm copies itself onto an infected machine as: C:\WINNT\WINPPR32.EXE __________________ If you would like to develop your domains, you can lease inexpensive foreign labor from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION! * * * * * * * * * * * * Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

08-20-2003, 09:46 PM	#2
goBigtime Confirmed User Join Date: Nov 2002 Posts: 7,761	it is (the most active ever).

08-20-2003, 09:47 PM	#4
goBigtime Confirmed User Join Date: Nov 2002 Posts: 7,761	Klez was the most active at 1 in every 125 emails... this thing is 1 in every 17. Sais this article: http://news.yahoo.com/news?tmpl=stor...1134&printer=1

08-20-2003, 09:48 PM	#6
Theo HAL 9000 Industry Role: Join Date: May 2001 Posts: 34,515	most probably it is i have seen similar things in the past,receiving tons of virus emails,but this time it happens across all my email accounts,not just 1 or 2. This shit seems to be everywhere.

08-20-2003, 09:50 PM	#7
pr0 rockin tha trailerpark Industry Role: Join Date: May 2001 Location: ~Coastal~ Posts: 23,088	Party Goat is getting pissed, he hasn't been able to filter through all the crap to correspond with his cousin in slovokia.