SOWPub Small Business Forums  
 

  #1  
Old August 20, 2003, 08:53 AM
Adam
 
Posts: n/a
Default Help! Virus/Worm Sending Me 600+ e-mails a day!!!

Help!

What should I do? I'm now getting about 12 e-mails a minute (and this went on all yesterday, but it was about 1 e-mail per minute!) that are from the virus/worm, code-named W32/Sobig.F-mm. The e-mails have subject headers that say things like:

"Re: Thank you!"
or
"Re: My details"
or
"Wicked Screensaver"

With file attachments.

How do I get this thing to stop clogging my e-mail account??? I'm afraid that my ISP may shut me down for receiving too many e-mails!!!

Thanks,
Adam.
  #2  
Old August 20, 2003, 09:17 AM
Michael Ross (Aust, Qld)
 
Posts: n/a
Default Join the club

As well as those, the ones arriving in my email box also sometimes say, "approved."

The interesting thing though is that they are all going to one email address - at least all the ones I opened anyway (I have Pegasus Mail so I can open stuff like this without infection).

Only thing I can think of is: figure out WHO is the person who is infected who has your email address on their system (I assume this is how this virus/worm works - sending itself out to email addresses in your address book or whatever email address it finds, and maybe using From addresses you have too).

Which raises the point... if someone has had any dealings with [email protected] or anything remotely like that, then you may be infected with a computer virus. Granted, the from address could come from anywhere. But hey. It is worth a shot.

What to do. Add @yahoogroups.com to your filters. Move all incoming emails that have Thank You in their subject line. Create a filter to delete all Wicked Weasel emails. Create filter to move emails with Approve in subject line. Five minutes of creating a few filters gives much peace.

Michael Ross


Not filters needed
  #3  
Old August 20, 2003, 10:32 AM
Dien Rice
 
Posts: n/a
Default It's affecting everybody. It looks like it's the work of the "Sobig" worm...

The "From" address on the email is not the real computer the email is coming from. It grabs that email address at random from places like email address books, and fakes it as the "From" email address.

Don't open the attachments!

I didn't receive any attachments with mine, as all my email is filtered through www.Spamcop.net - which automatically detects viruses and removes them from the email. It's a pretty good service....

You can read more about this virus at the link below.

- Dien Rice


Sobig worm returns
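
An added example, not part of any post in this thread: a minimal mail filter built from the two points above, matching the subject lines reported here and ignoring the forged "From" header. The function names, the sample addresses and the rule of requiring an attachment before quarantining are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines reported in this thread (case and "Re:" prefix ignored).
WORM_SUBJECTS = {"thank you", "my details", "wicked screensaver", "approved"}


def normalize_subject(subject: str) -> str:
    """Lower-case, drop leading 'Re:' prefixes and trailing punctuation."""
    s = subject.strip().lower()
    s = re.sub(r"^(re:\s*)+", "", s)
    return s.rstrip("!.? ").strip()


def classify(raw: bytes) -> str:
    """Return 'quarantine' for a listed subject plus an attachment, else 'deliver'.

    The From header is deliberately not consulted: the worm forges it.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    subject = normalize_subject(str(msg.get("Subject", "")))
    has_attachment = any(True for _ in msg.iter_attachments())
    if subject in WORM_SUBJECTS and has_attachment:
        return "quarantine"
    return "deliver"


def build_sample(subject: str, sender: str, attach: bool) -> bytes:
    """Build a sample message (constructed test data, not a real capture)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "adam@example.com"
    m["Subject"] = subject
    m.set_content("See the attached file for details.")
    if attach:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="attachment.bin")
    return m.as_bytes()


if __name__ == "__main__":
    for subj, attach in [("Re: Thank you!", True), ("Re: Thank you!", False)]:
        raw = build_sample(subj, "friend@example.org", attach)
        print(subj, "attachment" if attach else "no attachment", classify(raw))
```

Requiring an attachment keeps an ordinary "Re: Thank you!" reply out of quarantine, which a subject-only rule would not.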
  #4  
Old August 20, 2003, 01:38 PM
Boyd Stone
 
Posts: n/a
Default Here's the weird way my computer started acting

Hi,

Yesterday afternoon while filling out a form at eLance my WinXP machine suddenly rebooted itself. It hadn't ever done that before, but I've had plenty of Windows machines that had, so I wasn't terribly concerned. As soon as I got back online I noticed that something on my machine was sending a lot of bytes off into the internet. I keep my wife's computer and my other computer well protected, but the one I was using yesterday is a fairly new one and I had unwisely failed to protect it.

As soon as I noticed that something was sending a lot of stuff off into the net (it wasn't very obvious that it was happening but I noticed because I'm very in tune with how my computers behave) I got offline and then I downloaded the install file for ZoneAlarm on another computer and copied it onto my sick computer. Among other messages ZoneAlarm told me that DLLHOST.EXE was wanting to send to 209.244.0.3:DNS so I researched that at google groups, and heard about something called TrojanHunter ( http://www.misec.net/trojanhunter/ ) and I downloaded the evaluation version and ran it. It reported a possible trojan that seemed related to the dllhost message that ZoneAlarm gave. I'm in the process of trying to discover if it's really a trojan.

I wish I could spank people who write virii, worms and trojans....

Best,

- Boyd
  #5  
Old August 20, 2003, 03:24 PM
Boyd Stone
 
Posts: n/a
Default I had the Welchia worm (MSBLAST.D) [DNO]

dno
  #6  
Old August 21, 2003, 02:32 AM
Michael Ross (Aust, Qld)
 
Posts: n/a
Default Hope you took something for it :o) (DNO)

  #7  
Old August 21, 2003, 08:35 AM
Oliver Peters
 
Posts: n/a
Default Tool to remove Sobig.F worm

F-Secure provides a free special tool to disinfect the Sobig.F
worm. The tool and disinfection instructions are available on
their ftp site:

ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.zip
or
ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.txt
+
ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.exe

Hope that helps

Oliver Peters


f-sobig.zip file
  #8  
Old August 21, 2003, 11:42 AM
Boyd Stone
 
Posts: n/a
Default Top 10 Ways to Secure Your PC

[Disclaimer: this message is not advice and conveys no rights to any reader.]

Hi,

A free antivirus tool (free for noncommercial use, that is) is Avast! ( http://www.avast.com/ ). We use it on one of our computers and like it a lot (do your due diligence as always, for example by checking google groups for comments about Avast!). Additionally, some words of wisdom about computer protection are:

[quote]

This is no news to many readers, but hopefully this whole Blaster thing has woken many up to the need to keep things up-to-date!

Oh, but don't install SP4 for Win2k - it's cr*p. Stick with SP2, or SP3 if you can live with the few extra bugs it introduces. Both very stable and not causing the huge problems like SP4.

- Prevention: the best weapon against the Blaster worm -

The Blaster worm continues to wreak havoc in users' PCs, and it is still the virus most frequently detected.

However, the epidemic currently being caused by Blaster could easily have been avoided. The vulnerability exploited was reported by Microsoft almost a month and a half ago and was widely reported by the international media. The same advice was repeated time and again: to avoid problems, simply apply the Microsoft patch.

Seemingly this advice fell on deaf ears, judging by the number of computers affected by Blaster. The situation also highlights the general lack of security awareness among home users, who have been affected more than any other user group. Users with personal firewalls installed have escaped the effects of the worm, as port 135, used by Blaster to enter computers, is protected by these kinds of programs.

Likewise, the high number of incidents still being caused by Blaster is also largely a result of the failure by users to keep the antivirus software in their PCs completely up-to-date.

Similarly, the RPC DCOM vulnerability continues to cause problems, with the appearance of a new worm/Trojan called W32/RPCSdbot which exploits the Windows vulnerability to take control of the infected computer and spread via e-mail.

However, protecting against Blaster, W32/RPCSdbot and other viruses that could emerge in the near future can be simple, provided users take a few basic precautions:

- Find out about and apply patches to correct vulnerabilities detected in the software installed on your PC. Vendors' websites will normally have this sort of information and the downloads.

- Keep your antivirus updated. The simplest way is to install solutions that update automatically when users connect to the Internet.

- Install a personal firewall in your computer, with both broadband and modem connections, as just a few seconds is all it takes for a malicious code like Blaster to infect your PC.

[unquote]

Link to the "Top 10 Ways to Secure Your PC" article is below.

Best,

- Boyd


http://www.techtv.com/screensavers/a...452576,00.html
  #9  
Old August 21, 2003, 09:09 PM
K.L.
 
Posts: n/a
Default Not the Lawrence Welchia worm, I hope. (dno.)

> dno
..
  #10  
Old August 21, 2003, 10:53 PM
Dennis Bevers
 
Posts: n/a
Default Re: Maybe you need Welch-Ade (DNO-NM)

DNO-NM = Do Not Open - No Message inside. All the contents are in the subject line.

Dennis Bevers
 


All times are GMT -4.