
Has anyone else noticed a massive surge in email viruses today?

This topic is archived.

EarlG ADMIN Donating Member (1000+ posts) Tue Aug-19-03 01:53 PM
Original message
Has anyone else noticed a massive surge in email viruses today?
At DU we normally receive a bunch of those emailed viruses every day (the amount of spam we get has to be seen to be believed). The virus I'm talking about is the one that generates messages titled things like "Re: Approved" "Re: Details" "Re: Wicked Screensaver" "Re: your Application" etc.

These emails all come with attachments which carry the virus payload. Obviously I've seen these all many times before, but today we've received several hundred, all from different email addresses.

Has anyone else noticed a large surge in these email viruses today?

EG

Kellanved Donating Member (1000+ posts) Tue Aug-19-03 01:54 PM
Response to Original message
1. No, but I read a few related news
Sobig is around again.

petersjo Donating Member (192 posts) Tue Aug-19-03 01:59 PM
Response to Reply #1
7. Yes
Many, many more than usual. Yahoo does a good job of sending them to bulk mail, so just have to dump them.

Bossy Monkey Donating Member (1000+ posts) Tue Aug-19-03 02:07 PM
Response to Reply #1
11. What Kellanved said

rabid_nerd Donating Member (1000+ posts) Tue Aug-19-03 01:55 PM
Response to Original message
2. It was discovered today...
And I've been getting many, as has all of draft gore and where I work as well...

W32/SoBig.f@MM

This virus stuffs the inboxes of any email it can get its hands on.

About the virus:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

Free virus scans:
http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym
http://housecall.antivirus.com/

Abe Linkman Donating Member (1000+ posts) Tue Aug-19-03 01:58 PM
Response to Original message
3. I got the "Wicked Screensaver" one today. n/t
n/t

TioDiego Donating Member (409 posts) Tue Aug-19-03 01:58 PM
Response to Original message
4. Yes,
It is funny you should mention that. I just came back from investigating a user's notes with that very problem. He got spammed by 3 different groups with emails containing the same viruses you mentioned. These were from people he has never received mail from. All were caught at the firewall. The Nazi Bastridges!

proud patriot Donating Member (1000+ posts) Tue Aug-19-03 01:58 PM
Response to Original message
5. Yes !
I'm having a bunch of mail with attachments coming
to my home email box... I've just been deleting them.
I called my dad and he will come over and
check it out later today.

:-(

Rabrrrrrr Donating Member (1000+ posts) Tue Aug-19-03 01:59 PM
Response to Original message
6. Yes, I'm getting POUNDED today on one work email account
Edited on Tue Aug-19-03 02:00 PM by Rabrrrrrr
Can't wait to find out what I'm getting at home...

:scared:

demnan Donating Member (1000+ posts) Tue Aug-19-03 02:00 PM
Response to Original message
8. Yes
I was getting them at the rate of one per minute this morning, but after the daily patch for viruses was downloaded automatically, they stopped.

I imagine my Systems Admin is having quite a day with the email server over this.

Chuckup Donating Member (1000+ posts) Tue Aug-19-03 02:00 PM
Response to Original message
9. Got a ton here

EarlG ADMIN Donating Member (1000+ posts) Tue Aug-19-03 02:05 PM
Response to Original message
10. Hmm... okay
That makes me feel a little better - sorry everyone else is having a hard time though.

I just deleted 300 of the little buggers from our mail server.

Ivory_Tower Donating Member (1000+ posts) Tue Aug-19-03 02:11 PM
Response to Reply #10
14. The assorted virus checkers have updated their files
so you might want to do an update on yours (I'm using McAfee -- DAT file 4287 is out now).

NASA/Goddard apparently got hit hard today by this, and I've had well over 100 messages on my work account alone today (so far).

Looks like this virus spoofs the sender/reply-to fields, so that won't necessarily tell where the email originated.

btw, I heard there's another worm out today, that acts like a "good worm" -- it scans for machines that haven't protected themselves from last week's MSBlaster worm, installs itself, removes MSBlaster if found, and then does a windows update. Weird. Of course, it's still eating processor time and internet bandwidth, so it's not THAT benign.

AnnabelLee Donating Member (1000+ posts) Tue Aug-19-03 02:08 PM
Response to Original message
12. Haven't gotten any myself
But thanks for the heads-up, & thanks for all of the info from those who have replied.

MoonGod Donating Member (1000+ posts) Tue Aug-19-03 02:08 PM
Response to Original message
13. New Internet Worm Tries to Patch Hole Exploited By 'Blaster'
http://news.yahoo.com/fc?tmpl=fc&cid=34&in=tech&cat=computer_viruses_and_worms

A new computer worm is spreading worldwide through a security hole in Windows -- also used by last week's Blaster worm -- but then patching the hole instead of crashing the system like Blaster does, security experts said on Monday. The new worm, dubbed "Welchia" or "Nachi," is similar to Blaster, but it purports to patch the hole Blaster exploited to enter into computers in the first place and tries to clean up after Blaster if the computer is infected with it...

MiddleRiverRefugee Donating Member (1000+ posts) Tue Aug-19-03 02:12 PM
Response to Original message
15. Yeah. Lots.
I monitor a group E-mail box at work. Been cleaning out SPAM all day.
Probably 250-300 messages thus far.

KC Donating Member (1000+ posts) Tue Aug-19-03 02:12 PM
Response to Original message
16. On the Thom Hartmann
show today, he just mentioned he'd been getting a ton of them too

KC

greenwow Donating Member (729 posts) Tue Aug-19-03 02:12 PM
Response to Original message
17. No more than usual...
but it's still bad.

This leads to the question why so many idiots use Microsoft products and contribute to the problem. As long as idiots continue to use programs like Outlook, which was never designed to be secure or to not allow the execution of attachments, we'll continue to have problems.

FlaGranny Donating Member (1000+ posts) Tue Aug-19-03 02:34 PM
Response to Reply #17
29. The only e-mail worms
Edited on Tue Aug-19-03 02:35 PM by FlaGranny
that I've had a problem with came through my company's server. They were infected several times with different viruses. My McAfee caught them all and I've never had an "infection." My personal ISP's mail server has never allowed an infected e-mail through, and very, very little spam. To be safe I don't open any e-mails from anyone I don't know, and never open an attachment unless I'm expecting it. I'm on automatic updates with McAfee and MS.

Thank you for calling me an idiot, though, as I am an XP (and Outlook Express) user.

Edit to add words in parentheses.

Old and In the Way Donating Member (1000+ posts) Tue Aug-19-03 02:35 PM
Response to Reply #17
30. Really?
Edited on Tue Aug-19-03 02:37 PM by Old and In the Way
Let me guess, you're one of the "smart" Mac users, right?

I am a Microsoft user and I haven't received any virus e-mails today. And my business is worldwide. Could it be because:

(1) I use Spamfighter (a free Outlook utility) that leverages its entire user community of Outlook users to determine a spam e-mail and delete it before it enters my computer?

(2) My Norton AV is up-to-date and screens my incoming e-mail?

(3) That my Zone Alarm is protecting me from attacks through my com ports?

(4) That my XP Pro operating system is up-to-date with the latest patches, as is my XP Office suite?

(5) Or a combination of all 4?

Whatever it is, I think your insults about us "idiots" using what I find to be an outstanding and rock solid e-mail platform are way too over-the-top to let pass.

I think most problems people have are because they aren't informed and don't use the tools that are available to protect themselves.

greenwow Donating Member (729 posts) Tue Aug-19-03 03:19 PM
Response to Reply #30
34. Why waste all that money?
And why are you wasting that huge amount of money on all of those things? It's because Microsoft refuses to produce products that are secure or they're so technically inept that they simply can't.

How about getting smart and using a single better product rather than wasting hundreds of dollars on something that might or might not protect you. Given Microsoft's history (like the old MSIE backdoor that would execute attachments when just previewing a message!), you'll eventually get burnt.

Old and In the Way Donating Member (1000+ posts) Tue Aug-19-03 03:29 PM
Response to Reply #34
35. Waste money?
Outlook comes with Office....so I don't need a separate unintegrated e-mail client.

Spamfighter - free
Zone Alarm - free

I do pay $35.00/year to keep my A/V updated. I could use a free program, but Norton's works well and I write it off.

Again, why do you make statements that simply aren't true? Why is that? I told you that I have no virus issues and I am totally happy with the product suites that I use. Does it piss you off that there are people who will disagree with your uninformative critiques about software?

L.A.dweller Donating Member (477 posts) Tue Aug-19-03 03:32 PM
Response to Reply #17
36. My laptop has Microsoft XP and I use Outlook Express
yet, I have not received any viruses as of yet. Outlook Express gets rid of attachments from e-mail that I don't have on my address list automatically. Not contributing to any problems here.

soleft Donating Member (1000+ posts) Tue Aug-19-03 02:12 PM
Response to Original message
18. Yes - and I never get them
What I've been getting are messages from postmasters saying emails I sent are undeliverable, but I didn't send the emails. What's interesting is in the message seems to be email info on someone I know who may have me in her address book.

ima_sinnic Donating Member (1000+ posts) Tue Aug-19-03 02:34 PM
Response to Reply #18
28. yes, I've received 2 of those today
"undeliverable" returned messages that I never sent out, to addresses I never heard of. Here is a link to some information on W32/Sobig.f@MM :

http://vil.nai.com/vil/content/v_100561.htm

The web meister at my university department e-mailed me:
A new email virus variant is going around like wildfire. Your address is being spoofed by an infected machine because that machine has the string (my e-mail addy) somewhere on its hard drive. They were not from you, naturally. Check to see that your virus definition files are up-to-date . . .

salin Donating Member (1000+ posts) Tue Aug-19-03 02:13 PM
Response to Original message
19. Yes - I had never received a single one of these til last night
my firewall detects it and "quarantines" it (not quite sure what that does) - but it still gets to my inbox. All I can think to do is click it (highlight not open) and delete immediately and empty my deleted messages immediately.

I have received four in the past 12 hours.

nothingshocksmeanymore Donating Member (1000+ posts) Tue Aug-19-03 02:14 PM
Response to Original message
20. Yep I am getting them in all my mail boxes

arcane1 Donating Member (1000+ posts) Tue Aug-19-03 02:15 PM
Response to Original message
21. I'm clean, but many of my users are being hammered today
lucky me

sybylla Donating Member (1000+ posts) Tue Aug-19-03 02:18 PM
Response to Original message
22. Wow, I just started a thread on this myself.
Edited on Tue Aug-19-03 02:24 PM by sybylla
I guess this answers my biggest question so you can delete or lock my post. Sorry for the dupe, EarlG.

I have so far received 25 since 8 am this morning and all the ones you mentioned are included.

I'm only getting them on my local dem address so I suspected it was a local thing. I guess it isn't.


On edit: Anyone know if this is happening in freeperland or is this just targeting dems? I ask this because it isn't happening on the other five e-mail addresses I monitor.

maggrwaggr Donating Member (1000+ posts) Tue Aug-19-03 02:20 PM
Response to Original message
23. I'm getting a ton. MACS are unaffected tho, right?
one reason I love having a mac. But I'd love for someone to confirm this, since I do actually use Outlook Express for mac

SpiralHawk Donating Member (1000+ posts) Tue Aug-19-03 02:23 PM
Response to Original message
24. I am onstream with the onslaught
comin in fast and furious out here in the high desert of the southwest.

My hunch is THAT a massive attack is underway -- and that it may take some doing to thwart it.

A couple of months ago I saw a NOVA special on PBS that told the story of the Cyber War that has been raging for several years.

There are thousands of probes and attacks on the various parts of the net every day. Someone may have gotten lucky today, or may have gotten very good after a long series of tests and probes.

Come on you Net Geniuses. To your keyboards and mouses. Tame this ugly e-mail storm before we all choke under a MASSIVE WAVE OF SPAM...

hackwriter Donating Member (1000+ posts) Tue Aug-19-03 02:25 PM
Response to Original message
25. It's the "sobig.e" worm
Edited on Tue Aug-19-03 02:30 PM by hackwriter
This is a new variation of the "sobig" worm called "sobig.f". I have gotten about 30 of these in my Yahoo! mailbox today.

You're probably getting this if you have an e-mail address somewhere on the Web, such as on your Web site or even in a profile on a messageboard.

This from Symantec about Sobig.e. The new one is similar, but expires September 10:

W32.Sobig.E@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions:

.wab
.dbx
.htm
.html
.eml
.txt

The email falsely purports that Yahoo sent it (support@yahoo.com).

Email Routine Details
The email message has the following characteristics:

From: support@yahoo.com (NOTE: W32.Sobig.E@mm spoofs this field. It could be any address.)

Subject: The subject line will be one of the following:
Re: Application
Re: Movie
Re: Movies
Re: Submitted
Re: Screensaver
Re: Documents
Re: Re: Application ref 003644
Re: Re: Document
Your application
Application.pif
Applications.pif
movie.pif
Screensaver.scr
submited.pif
new document.pif
Re: document.pif
004448554.pif
Referer.pif


Attachment: The attachment name will be one of the following:
Your_details.zip (contains Details.pif)
Application.zip (contains Application.pif)
Document.zip (contains Document.pif)
Screensaver.zip (contains Sky.world.scr)
Movie.zip (contains Movie.pif)

For more, see:

http://www.msnbc.com/news/954470.asp?0cv=CB20

sybylla Donating Member (1000+ posts) Tue Aug-19-03 02:32 PM
Response to Reply #25
27. None of the attachments on my e-mails are zipped either
Edited on Tue Aug-19-03 02:34 PM by sybylla
And it is coming in on an e-mail address that is only posted on one website - the state dem party website. Yet I have several other e-mail addresses which appear on another website which aren't being hit at all.

Is this somehow being directed at dems or are the freepers trying to deal with it too?

edit: grammar - and to say that I'm really not a tinfoil hat kind of person. Just seems a little sketchy from my perspective.

ima_sinnic Donating Member (1000+ posts) Tue Aug-19-03 02:42 PM
Response to Reply #25
31. here is more info on W32/Sobig.f@MM
http://vil.nai.com/vil/content/v_100561.htm

Discovery Date: 8/19/2003

Subject:

Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

Attachment:

your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

The "From:" address may be spoofed with an address extracted from the victim machine. Therefore the perceived sender is most likely not a pointer to the infected user.

Symptoms:

Existence of the WINPPR32.EXE file in %WinDir%
Existence of the Registry hooks detailed above
Unexpected NTP traffic to remote servers

more info at the link above, including removal instructions (caution: techies only! over my head!)
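
Added example (not part of the original thread and not any vendor's tooling): a small Python triage that applies the Sobig.F subject and attachment names listed in the post above to a constructed mailbox, and falls back to the .pif/.scr extension when a name is not on the list. The From: header is deliberately ignored because the worm spoofs it; all addresses, message bodies and helper names are assumptions made for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Subjects and attachment names from the Sobig.F listing quoted above (lower-cased).
SOBIG_F_SUBJECTS = {
    "your details", "thank you!", "re: thank you!", "re: details",
    "re: re: my details", "re: approved", "re: your application",
    "re: wicked screensaver", "re: that movie",
}
SOBIG_F_ATTACHMENTS = {
    "your_document.pif", "document_all.pif", "thank_you.pif",
    "your_details.pif", "details.pif", "document_9446.pif",
    "application.pif", "wicked_scr.scr", "movie0045.pif",
}
# Extensions used by every listed attachment; Windows treats both as programs.
EXECUTABLE_EXTENSIONS = (".pif", ".scr")


def attachment_names(msg):
    """Return the lower-cased filename of every MIME part that carries one."""
    return [part.get_filename().strip().lower()
            for part in msg.walk() if part.get_filename()]


def classify(raw_message):
    """Label one raw message. From: is never consulted because the worm spoofs it."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    names = attachment_names(msg)
    if subject in SOBIG_F_SUBJECTS and any(n in SOBIG_F_ATTACHMENTS for n in names):
        return "sobig_f_match"
    # A name that is not on the list is still held if it would execute.
    if any(n.endswith(EXECUTABLE_EXTENSIONS) for n in names):
        return "executable_attachment"
    return "clean"


def build_sample(sender, subject, filename=None):
    """Build a constructed message; the attachment bytes are inert placeholder text."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("Please see the attached file for details.")
    if filename:
        msg.add_attachment(b"inert placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_string()


# Constructed sample mailbox (addresses and contents are made up).
SAMPLES = [
    build_sample("friend@example.com", "Re: Wicked Screensaver", "wicked_scr.scr"),
    # Listed subject, but an attachment name that is not on the list.
    build_sample("colleague@example.net", "Re: Details", "Document02.pif"),
    build_sample("list@example.org", "Meeting notes", "notes.txt"),
    # Listed subject with no attachment: the subject alone is not enough.
    build_sample("support@example.com", "Re: Approved"),
]


def triage(samples):
    """Classify every message in the mailbox, preserving order."""
    return [classify(raw) for raw in samples]


if __name__ == "__main__":
    for label in triage(SAMPLES):
        print(label)
```

The second sample shows why the extension check matters: an exact name list misses any variant the vendor write-up did not enumerate.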
 
Not a robought Donating Member (1000+ posts) Tue Aug-19-03 02:30 PM
Response to Original message
26. I am starting to get a bunch of emails from people today
in other countries who I don't know from an email address I only use as a forwarder. My main address is private.

One of the emails was from someone warning me that an email attachment movie0045.pif from that email address forwarder contained a virus. I don't use it or the server it's associated to for sending email so I assume the server has been attacked.

Ivory_Tower Donating Member (1000+ posts) Tue Aug-19-03 02:52 PM
Response to Reply #26
32. Since the "from" field is spoofed, it looks like it came from you
even though it didn't. The recipient server rejected the email (deciding it may contain a virus) and sent a message to the spoofed "sender", i.e., you. That's why you're getting that notice. Your server wasn't necessarily attacked, but someone was who had your email address in a file somewhere (address book, html file, whatever).

I've had about a half-dozen of those notices sent to me today.

slackmaster Donating Member (1000+ posts) Tue Aug-19-03 02:53 PM
Response to Original message
33. IS SHE READY FOR A MASSIVE PENIS???
Yup.

TreasonousBastard Donating Member (1000+ posts) Tue Aug-19-03 03:56 PM
Response to Original message
37. Just one.
"Document02.pif " And I couldn't trace it through the headers like I normally do.

Curiously, AVG didn't catch it, but I hear the damn thing is new today, so the next update should get it. Too late for some, I would assume.

Scary, and I don't relish opening all attachments in a hex editor just to make sure.


SOteric Donating Member (1000+ posts) Tue Aug-19-03 04:01 PM
Response to Original message
38. I had one come in today
which isn't really a massive surge by anyone's definition. But then I received only a humble 25 pieces of mail. Symantec quickly dispatched it to the rubbish bin. No harm, no foul.

Booberdawg Donating Member (1000+ posts) Tue Aug-19-03 04:15 PM
Response to Original message
39. None here
Office/Outlook/Norton/BlackIce

BritishHuman Donating Member (1000+ posts) Tue Aug-19-03 04:53 PM
Response to Original message
40. I take the most effective security precaution there is:
I don't use Outlook for mail.

Patriot_Spear Donating Member (1000+ posts) Tue Aug-19-03 05:33 PM
Response to Original message
41. Yes.
Our IT people here at work are on top of it; the Email they sent out says it's a version of the SoBig virus.

At home I updated all my antivirus software and made sure the firewall was active.

goobergunch Donating Member (1000+ posts) Tue Aug-19-03 05:54 PM
Response to Original message
42. No, but I don't get much e-mail anyway (n/t)