Virus From Microsoft
berner
05-23-2003, 05:19 PM
I just received an email from support@microsoft.com titled "Re:My Details" that had a virus. This is what Norton picked up:
This file: "password.pif" was infected with: "W32.Sobig.B@mm" virus.
The file was deleted by Norton AntiVirus. Friday, May 23, 2003 06:14
Scary shit!
good 2 go
05-23-2003, 05:42 PM
Some good reading on this bad boy....check it out.....and be careful !!
SoBig Worm (http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.b@mm.html)
GTG
That mail did not come from MS, the worm spoofs mail headers. If the originating computer's user had my email address in his contact list, it may have appeared to be originating from me. Nowadays it is not a good idea to curse out the apparent sender for sending you a virus (you listening Chief? :p ) as chances are the guy is innocent. Get Norton Antivirus and have autoprotect enabled with the latest virus definition files installed.
mili
berner
05-23-2003, 07:18 PM
I put a bogus email address at the top of my contact list. I've heard from more than one source that this stops email generated viruses from leaving your computer. And I definitely agree about Norton. I've got a legit copy that I keep updated religiously. Pretty scary about originating from a different computer than what's in the from field. Most people wouldn't think you'd get a virus from somewhere like Microsoft.
valenti
05-24-2003, 06:05 AM
OK now I know we all use Microsoft Products, but at work, the thing we always say about Windows (of any vintage) is "It's not an operating system, it's a virus!"
valenti
leet83
09-10-2003, 11:19 PM
Sobig is for some odd reason digitally signed by Microsoft, how someone got the code to do that is beyond me. But from all of my experience removing it at work it is digitally signed, which makes Windows think it is something built in to the o/s itself, which makes everything 10 times more fun. Hope and pray you don't get this virus...it's a bitch to get out and even if you do get it out there is no way of knowing if you got everything infected with it because of the digital signing thing, Norton skips over that sort of stuff....in my experience with it the only sure fire way for it to be completely removed is to do a full format and get rid of everything...
I get that damn thing sent to me about ten times a day ...
The privileges of changing to XP I guess .. With W98 it was cool ..
I did a trace on the thing and it is out of Russia ...
Before my ISP installed a virus scanner on my incoming mail I got in excess of 1,500 copies A DAY of this shit. They went straight in the garbage but it still took up a bigass chunk of bandwidth. You bitch about 10 a day :)
mili
Chief
09-11-2003, 02:14 AM
Nowadays it is not a good idea to curse out the apparent sender for sending you a virus (you listening Chief? :p ) as chances are the guy is innocent.
mili
YEEEEE-HAAAAAA....and that's exactly what I did, too...not the SoBIG, but that other one...LovSan, or something like that. Didn't cuss him out, just told him that if he did it on purpose, he was indeed a large scumbag :p
He wrote back, "WTF are you talking about...I live in China"....HAHAHA
Norton caught it, anyway. I got the Russkie virus, too, about 10 times, but it has quieted down.
I did a trace on that Microsoft virus and this is what came up ..