Crazy Spam Flood

Have I missed something? I’m getting flooded with spam titled, variously, “Thank You,” “Re: Details,” and “Re: Wicked Screensaver” with a message body of “See the attached file for details” and an attached Windows .PIF or .SCR file that appears to contain a DOS program. I’ve received 166 copies of this email, from people all over the world, in the last 24 hours.

Comments

Peter Rukavina's picture
Peter Rukavina on August 20, 2003 - 15:48 Permalink

Here’s some information from Macintouch: “[Roger Cohen] I have been hit by a mail bomb apparently generated by the “W32/Sobig” virus (not on my Mac). I have received about 1000 messages, most with six similar subject lines, in the last three hours. Each email is about 100 k. I have also received email from several recipients’ email mail servers. They are notifying me that an email I allegedly sent (someone is spoofing my return address) contains a virus, and that their server will not pass the email on to the “To” recipient. “

Peter Rukavina's picture
Peter Rukavina on August 20, 2003 - 15:59 Permalink

I’ve now spent a little more time looking around the ‘net, and it seems I’m not the only one noticing this. It would seem to me that Windows users must bear some of the responsibility for this debacle, supporting as they do a company so broken as to produce software that allows all this to happen.

Peter Rukavina's picture
Peter Rukavina on August 20, 2003 - 16:02 Permalink

I realize that I’m now simply talking to myself. Sigh.

Steven Garrity's picture
Steven Garrity on August 20, 2003 - 16:19 Permalink

You’re not alone (both in getting these emails, and on this thread). I’ve gotten dozens of them today.

Alan's picture
Alan on August 20, 2003 - 16:29 Permalink

At home, because I still have such a dinosaur of a system, I am not getting this stuff or the recent viruses.

Cynthia Dunsford's picture
Cynthia Dunsford on August 20, 2003 - 17:01 Permalink

I had to go out and buy a new anti-virus program because my McAfee didn’t do it’s job a couple of weeks ago. Everyone on my email list was sent the g.d. virus through my address, along with random personal email messages from my email program. Good thing I’m not in the habit of getting too personal in my personal emails.

John's picture
John on August 20, 2003 - 17:51 Permalink

I have been picking up these messages as of Tuesday. Fortunately U. of Calgary e-mail filter was able to scrub most of them. One did get through, but by that time I was using webmail and was able to erase it without openning it. What I don’t know is where or not it works only in Outlook. I’m still using Netscape/Mozilla which I assume is not vunerable to it. By the way, you have been infected if you have an executable “winppr32.exe” in your Windows directory.

Hans's picture
Hans on August 20, 2003 - 18:31 Permalink

On my “hotmail” account, I’ve been getting messages from “postmasters” at various domains with the message that email I sent to various users in the domain were undeliverable due an attachment called “re:details” containing a “PIF” program that contains a virus. Of course, I haven’t sent any such messages and don’t even know the users or domains that I supposedly sent to. But clearly, hotmail accounts have been hijacked as part of this recent spate of computer viruses. Of course, my paranoia tells me that microsoft or IBM starts all these viruses in the first place so that we have to buy more of their products.

Dave's picture
Dave on August 20, 2003 - 19:04 Permalink

Welcome to W32/Sobig.f -

We were hit with this one as well (for a few hours) until our virus definitions were updated. We started to see heavy traffic about 10:15 in the morning yesterday and the new dats were released at 9:08am PT.

A fairly nasty virus on the heels of the blaster worm.

Dave

Chris's picture
Chris on August 20, 2003 - 19:14 Permalink

I’m using a program called MailWasher to “screen” my email. It downloads the header and allows you to make a descision on wether to accept or bounce and blacklist the mail.

It’s not likely to be affective on the W32/Sobig virus, as it orginates from unique sources. It could be configured to filter the subject lines.

It’s a free download. Registration or “donation” costs as little as 3 bucks.

Get it from http://www.mailwasher.net

John's picture
John on August 20, 2003 - 20:31 Permalink

From what I have read about this virus, once it has infected your systems it starts to send out e-mails of itself (comes with its own SMTP engine) to address that it finds on your systems. It also spoofs the return address, so you can get messages from postmasters saying that you sent a virus.

Brad Pineau's picture
Brad Pineau on August 21, 2003 - 00:56 Permalink

Lucky me. I haven’t received a single one.. =)

Lou Quillio's picture
Lou Quillio on August 21, 2003 - 02:01 Permalink

Nor have I received any. My host is all over it. Haven’t gotten one.

Ken's picture
Ken on August 22, 2003 - 02:40 Permalink

This is a new virus that has no name, is not on your system, but sends emails with your reply-to details.

So you suffer replies from emails sent by someone elses infected PC. Take that control freaks, you can’t even name this virus.

Peter, you’re smart, can’t you figure out an elegant solution to the slow decline of email into chaos?

Mental Postage?

Peter Rukavina's picture
Peter Rukavina on August 22, 2003 - 03:21 Permalink

I think ultimately the best filter is “don’t accept the email unless the sender is in my address book.” Still possible to spoof, obviously, but perhaps the best stopgap until secure email becomes more widely adopted.

Craig Willson's picture
Craig Willson on August 22, 2003 - 10:41 Permalink

Just go to www.knowspam.net and try their service for free for 14 days. Then reach in your pocket and pay them $19.95 a year. My spam has been reduced to zero (yes, zero) from over 200 a day.

Rob Paterson's picture
Rob Paterson on August 22, 2003 - 20:35 Permalink

With blaster and now SoBigF are we near the end of email? I think that I have at least 60 of the little buggers today.

Air Canada had a virus last week in their reservation system that just added to their woes. I was at CBC with Paul H and they also died that day from a virus.

My spam filter blocks most but I still get a lot. Norton Anti Virus is working well but now I live update it every day — i think that you have to.

Jan Egil Kristiansen's picture
Jan Egil Kristiansen on August 25, 2003 - 16:38 Permalink

After realizing that most (or all) of the SoBig.Fs i got this mornig, came from the same IP, I had my mail office block that one IP, and am now enjoing the silence.

Seems the reject messages for email claiming to be from me, have also disappeared. Maybe I did convince the ISP of the infected machine to close its cnnection, maybe the virus filters are getting smart enough to realize that reject messages for SoBig.F are part of the problem, not of the solution.

Johnna Fisher's picture
Johnna Fisher on August 29, 2003 - 02:50 Permalink

I am getting 20 to 50 emails a day saying I have sent infected emails. t’s too bad that someone seems compelled to do this to the net. I hope one of your testicals fail.

Pedro's picture
Pedro on February 12, 2004 - 23:00 Permalink

Can I get infected if I download an infected emailand I don’t open it ????

wugongxing's picture
wugongxing on March 16, 2004 - 10:54 Permalink

please trial my software : Anti Spam Umbrella 1.0.
Free till 30th March 04.

ENJOY THE SERENITY WITHOUT THE SPAM DISTURBING .
No training or learning process required . Once you click “Check Spam ” button, we do the left things.

Outlook Spam filter