Fog Creek Software
Discussion Board




Question About Latest Virus

I have an email address for work that received around 500 virus-attached emails from numerous people and companies around the world, including within my own company, last weekend.

One of the senders of the email was my manager. However, we checked her computer and found no viruses on it, yet a virus was "sent" from her email address to me nonetheless. How was this done? (Her antivirus program is up-to-date.)

For your information my company uses Microsoft Exchange Server 2000.

Thanks.

Jackson
Wednesday, August 27, 2003

SoBig fakes adresses it sends the mail from. Annoying, especially since bounces and auto-replies are a large part of the resulting traffic. Filteing on subject ('your details', 'wicked screensaver',....) helps.

Jeroen
Wednesday, August 27, 2003

I have as of this moment recived 236 bounces because a lot of machines are sending out virii with my email adress as the sender.

It is from far too many different machines for me to figure out where they came from an complain to their ISPs.

Martin
http://www.crunzh.com

Martin Schultz
Wednesday, August 27, 2003

From: http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html#technicaldetails

W32.Sobig.F@mm uses a technique known as "spoofing," by which the worm randomly selects an address it finds on an infected computer. The worm uses this address as the "From" address when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to another individual.

For example, Linda Anderson is using a computer infected with W32.Sobig.F@mm. Linda is neither using an antivirus program nor has the current virus definitions. When W32.Sobig.F@mm performs its email routine, it finds the email address of Harold Logan. The worm inserts Harold's email address into the "From" portion of an infected message, which it then sends to Janet Bishop. Then, Janet contacts Harold and complains that he sent her an infected message; however, when Harold scans his computer, Norton AntiVirus does not find anything, because his computer is not infected.

Just me (Sir to you)
Wednesday, August 27, 2003

I found it interesting that this virus was reasonably autonomous. Once the user was "social engineerd" into opening the attachement, it ran, independant on any particular email clients functions, since it contains its own SMTP engine and address harvester.
Hey, if the Java runtime would be more prevalent they could have made it a full cross-platform virus.  But why bother for just an extra 5%, right ;-).
*duck*

Just me (Sir to you)
Wednesday, August 27, 2003

I see now....

Now we need to see a virus writer who will put as much thought into the subject heading and body content as he does with the programming itself.

Thanks for the info.

Jackson
Wednesday, August 27, 2003

What will Anti-virus companies do if there were no more new viruses...the amount of effort and skill required to write most viruses without any monentary gain is a mystery.

Well, what do I know..just VB..sorry, got hosed last week..

john
Saturday, August 30, 2003

*  Recent Topics

*  Fog Creek Home