Page 1 of 1
WORM_SOBIG.F
Posted: Tue Aug 19, 2003 10:12 am
by Eero Ränik
Well, I just checked my email, and saw that it downloaded over 1000 emails, each about 75-100 KB, and each with virus attachments. It took me over 10 minutes to download them plus 1 to delete them and add a new rule to my mail filter... And I checked my inbox last time few hours ago.
It's the first time when some virus managed to almost fill my secondary mail account. Luckily none came to my primary one, otherwise I would've lost some important emails.
Anyway, more info
here...
Checked, luckily my computer wasn't infected (or was it because constantly updated virus checker?).
Re:WORM_SOBIG.F
Posted: Thu Aug 21, 2003 11:17 am
by Oliver
Ok I got a question...
There's a mail in my Inbox and the title is:
Returned mail: over quota
I haven't sent any mails in the last few days. So this can't be....I'm too scared to open it and I think It's that worm virus. Is it?
PS! It has a attachment
Re:WORM_SOBIG.F
Posted: Thu Aug 21, 2003 11:33 am
by gpm
If you're sure it's not your email, then just delete it...
Occasionally, those porno emailers spoof my account as a From addy and I get a whole bunch of returned emails like that.. I don't even bother with them and just get rid of them.
Re:WORM_SOBIG.F
Posted: Thu Aug 21, 2003 12:11 pm
by Oliver
I just wanted to know. Then I can be sure in the future;)
Re:WORM_SOBIG.F
Posted: Thu Aug 21, 2003 1:11 pm
by Eero Ränik
This virus has a bad habit of doing it too... If computer gets infected, virus will search through all files with known extensions (including temporary internet files) and starts randomly sending itself forward to anyone with email address in those files, while faking the sender too...
Re:WORM_SOBIG.F
Posted: Fri Aug 22, 2003 7:57 am
by rwfromxenon
I got sent several viruses, my dad works at a huge ibm site, and I know lots of people, who had visited my website (which is currently down
) and had been hit with the SOBIG worm. >:(
Worms and viruses really suck. ::)
Re:WORM_SOBIG.F
Posted: Fri Aug 22, 2003 9:27 am
by Joey
some idiot keeps emailing me virueses but i just delete the mail. the email address is
[email protected]
anyone know who this fag is?
Re:WORM_SOBIG.F
Posted: Fri Aug 22, 2003 10:26 am
by Eigen
I get e-mails form the same address, besides the others. >:(
-Eigen
Re:WORM_SOBIG.F
Posted: Fri Aug 22, 2003 11:56 am
by Eero Ränik
It's one of the older versions of the same virus: WORM_SOBIG.A. This address probably doesn't exist.
Re:WORM_SOBIG.F
Posted: Mon Aug 25, 2003 5:14 am
by df
i have mailwasher pro, cost me i think 19$.. since i run multiple accounts.
downloads the headers and first N lines and checks for spam, i just delete what I dont want, so no downloading 100 emails each with 100kb attachments that you know are viruses
this things spam checker rules and spamcop / orb blacklist works great on spam....
well worth the money
Re:WORM_SOBIG.F
Posted: Mon Aug 25, 2003 9:46 am
by Whatever5k
There are multiple ways of Anti-Spam. One way is, as df already mentioned, the
Blacklist option. All mail addresses which are on this list are rejected. The
Whitelist is exactly the contrary. Both options are rather "weak" to spam since there are sooo many spammer out there, some of them even modify their own sender address.
Another option is to download *only* the header (as df said), but .. well .. is not the best way either. What do you expect to be in the header? A mail address like
[email protected]? Professional spammers do little to go past this spam blocker.
A better way is to check the mail after some keywords like "viagra", "sex", "pills" or anything like this. It often helps but there is yet a better way to do it: for example, it is not unusual that a doctor gets a mail (probably from one of his clients) with a question about "viagra". The spam blocker would restrict that mail. But it would really unusual if a normal person would get it. Therefore, there is a new approach to do it: the
Bayes-Filter. It is some kind of A.I. You have to fill the filter with "ham" (that is, good email) first, next you give it some spam. Now the filter analizes the mails and keeps note which/how many words are in the good mails, same in the bad mails. When a new mail arrives, it checks the mail body and compares it with the other mails. If the probability that the mail is Ham is greated than the probability that the mails is Spam, the mails goes through the filter. If not, the mail is restricted. Quite effective spam filter.
Nevertheless, there is never a 100% anti spam garanty. Sometimes, the spam blocks Ham, sometimes it lets Spam through the filter. It's a bit tricky, that is why I don't use a spam filter at all, it doesn't cost me any time to delete the spam mail
Re:WORM_SOBIG.F
Posted: Tue Aug 26, 2003 2:21 am
by Eero Ränik
Well, I just use e-mail filtering, and I add rules about every spam mail I get...
Re:WORM_SOBIG.F
Posted: Wed Aug 27, 2003 4:31 pm
by df
well mailwasher downloads the first N lines and runs a baysian fillter over it and makrs it depending on its % of 'spam'...
it also runs dns blacklists as well as address blacklists
and address whitelists.
i set it to 20 lines, since most spam is only a few lines.
html mail is automatically junked