#1
Morgado's Favorite Forum Fascist
Join Date: Oct 2000
Location: Greensboro, NC
I've gotten about 15 e-mails already today that look like virus-type e-mails with PIF files attached to them. I've opened none of them of course. Is this that big Windows virus? The latest one has the attachment: thank_you.pif attached. What gives?
__________________
The media don't understand the kinds of problems and pressures 54 million come wit'!

#2
Hall Of Famer
Join Date: Dec 2002
Location: Mass.
Do NOT open!!

#3
Hall Of Famer
Join Date: Dec 2002
Location: Mass.
Dola.. Just wanted to get that out quickly instead of wasting time on an explanation..
That is the Sobig virus going around. If you double click or open one of those .pif attachments, it will infect your system as well and start spreading... You probably should let those who sent it to you know that their machines may be infected, and it wouldn't hurt for you to run a quick virus scan on your own system just to be sure. (You should be safe if you did not open it)

#4
College Benchwarmer
Join Date: Oct 2000
Location: speak to the trout
It's the latest mass emailing worm (not the recent blaster virus).
__________________
No signatures allowed.

#5
Hall Of Famer
Join Date: Nov 2000
Location: Behind Enemy Lines in Athens, GA
I've already posted about this elsewhere, so I'll chime in here too I guess.
This is easily the most prolific virus I have ever seen. I've deleted some three dozen of these already & they're still arriving at a rate of about 2 an hour. Looks like Sobig.f may join its cousins .a & .b on the top ten virii of all-time.
__________________
"I lit another cigarette. Unless I specifically inform you to the contrary, I am always lighting another cigarette." - from a novel by Martin Amis

#6
This guy has posted so much, his fingers are about to fall off.
Join Date: Nov 2000
Location: In Absentia
I left to grab lunch at 11:45 and came back around 12:20, and had 15 messages to delete. Our office is getting hit big time.
__________________
M's pitcher Miguel Batista: "Now, I feel like I've had everything. I've talked pitching with Sandy Koufax, had Kenny G play for me. Maybe if I could have an interview with God, then I'd be served. I'd be complete."

#7
Hall Of Famer
Join Date: Dec 2002
Location: Mass.
Prolific...that is an understatement.
So far in 2 days, the Sobig worm has accounted for a little over 45,000 emails that I have caught in my virus filters. That's good for about 72% of all virus activity this entire week (and the bulk of that was just in 2 days time)

#8
Lethargic Hooligan
Join Date: Oct 2000
Location: hello kitty found my wallet at a big tent revival and returned it with all the cash missing
I lost my wazoo in a freak batting machine accident back in 1979.
__________________
donkey, donkey, walk a little faster

#9
College Benchwarmer
Join Date: Jun 2001
Location: Grafton, WI
Quote:
Ouch. That can't be healthy.

#10
Hattrick Moderator
Join Date: Jan 2003
Location: Pintendre, Qc, Canada
Quote:
Alan, correct me if I'm wrong, but is it possible that a virus like that can kind of fake the sender's email address? I mean I'm getting it from people I don't know, at all... FM
__________________
A Black Belt is a White Belt who refused to give up... follow my story: The real life story of a running frog...

#11
High School Varsity
Join Date: Sep 2001
Location: Seattle
The biggest problem I've got is that I'm getting HUGE numbers of e-mails from people telling me that I've got it and to stop sending it to them. What's happening is, it's spoofing addresses from our website and using that as the To address. So my users are getting 10-15 e-mails an hour saying that we've sent so-and-so the virus. But, the e-mail is addressed to boxes that don't send outbound mail.

#12
Hall Of Famer
Join Date: Dec 2002
Location: Mass.
Yes, that is possible. (I do not recall if this is a virus that does that off the top of my head) Generally the only way to find out who has the virus in those cases is to figure out what you have in common with the other side and who might be a likely candidate... If you do not even know who the address is, then it probably is not worth your time, and you should just delete the message and move on.
Even though those mails fake the sender's addresses, the information on where it is sent from still remains inside the email, so if you are technically apt and have time, you can find out that information and contact the real sender.. As an example I once had one that was addressed from someone in one of my ootp leagues, but the mail header led me to who the correct person was (Someone else in the same league). If you don't have time or desire though, you should probably just delete it and move along..

#13
Hall Of Famer
Join Date: Dec 2002
Location: Mass.
Quote:
Right, the way email worms that spoof the sender usually work is as follows:
1) Person gets infected with the worm.
2) The worm opens the user's address book (because the user chose to never patch their applications for known vulnerabilities).
3) Once the worm has the address book open, it picks two names from the address book. One becomes the sender, one becomes the receiver on the email it sends out.
4) Once done, it goes through that process again with new individuals.
So when you get a worm that does this, basically you were in the same person's address book as the sender was.

#14
Norm!!!
Join Date: Nov 2000
Location: Manassas, VA
Here's a link to an article that explains what's going on today.
Article here
Also... as others have said, even though it spoofs the address (as far as the person), it doesn't spoof the SMTP details. You can look at the message source of an email and get a better idea of where it actually came from.
Last edited by heybrad : 08-20-2003 at 12:14 PM.
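What posts #12 and #14 describe (the From address is forged, but the Received trail written by the receiving servers is not) can be checked in code. This is an added example, not part of any post in the thread; the sample message, host names, IP addresses and the `true_origin` helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture): reserved example domains and
# documentation IP ranges. The bottom Received line is sender-supplied.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Wed, 20 Aug 2003 11:02:07 -0400
Received: from DESKTOP7 (dsl-45.isp.example [203.0.113.45])
\tby mx.recipient.example with SMTP id B2; Wed, 20 Aug 2003 11:02:05 -0400
Received: from mail.friend.example (mail.friend.example [198.51.100.7])
\tby DESKTOP7 with SMTP; Wed, 20 Aug 2003 10:59:00 -0400
From: alice@friend.example
To: bob@recipient.example
Subject: Re: Thank you!

Please see the attached file for details.
"""

# "from <HELO> (<reverse-dns> [<ip>]) by <server>", a common Received layout.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.I)


def parse_hops(msg):
    """Return Received hops newest-first; None marks a line we cannot parse."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        hops.append(m.groupdict() if m else None)
    return hops


def true_origin(raw, our_relays):
    """Compare the claimed From address with the first hop outside our servers.

    Each server prepends its own Received line, so lines written by our own
    relays sit on top. The first connecting IP that is not one of ours is what
    our server actually saw; anything below it was supplied by the sender.
    """
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    for hop in parse_hops(msg):
        if hop is None:
            return claimed, None        # unknown format: do not guess
        if hop["ip"] not in our_relays:
            return claimed, hop
    return claimed, None


if __name__ == "__main__":
    claimed, hop = true_origin(SAMPLE, our_relays={"192.0.2.10"})
    print("From header claims:", claimed)
    print("Our server saw    :", hop["ip"], hop["rdns"], "HELO", hop["helo"])
```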
#15
This guy has posted so much, his fingers are about to fall off.
Join Date: Nov 2000
Location: In Absentia
Are we sure this is the Sobig virus, or could this be the work of mrskippy's attorney?
__________________
M's pitcher Miguel Batista: "Now, I feel like I've had everything. I've talked pitching with Sandy Koufax, had Kenny G play for me. Maybe if I could have an interview with God, then I'd be served. I'd be complete."

#16
Hall Of Famer
Join Date: Nov 2000
Location: Behind Enemy Lines in Athens, GA
With our number of IT pros & other 'net gurus around here, I figure I'll ask ... is this an "Outlook only" virus or are Netscape/Mozilla/other email programs vulnerable as well?
As I understand how this works, I believe it's the latter. But I'm feeling a little better since I've got my Netscape mail pgm set to never auto-open attachments, so I should be safe as long as I don't double-click anything. Right?
__________________
"I lit another cigarette. Unless I specifically inform you to the contrary, I am always lighting another cigarette." - from a novel by Martin Amis

#17
Lethargic Hooligan
Join Date: Oct 2000
Location: hello kitty found my wallet at a big tent revival and returned it with all the cash missing
Quote:
you should be
__________________
donkey, donkey, walk a little faster

#18
Norm!!!
Join Date: Nov 2000
Location: Manassas, VA
If you have all of the updates to Outlook Express no attachment would autorun.
I have people in our office who do everything they can to try and run these attachments even when their virus checker kicks in and when I ask them why they would click on something that they have no clue what it is or who it's from, they respond... "How am I going to find out what it is unless I click on it?" Stupidity knows no boundaries in my office.
Last edited by heybrad : 08-20-2003 at 12:55 PM.

#19
This guy has posted so much, his fingers are about to fall off.
Join Date: Nov 2000
Location: In Absentia
That's something that's always confused me...if you don't know who it's from and/or what it's about, why would you open it?
I handle all incoming email by following these three rules:
1. If it's from someone in my office, I call them and ask them what it is.
2. If it's from someone I know but I don't recognize the subject, I send them a separate email and ask them what it is.
3. If it's from someone I don't know and has an attachment, I delete the f*cker.
__________________
M's pitcher Miguel Batista: "Now, I feel like I've had everything. I've talked pitching with Sandy Koufax, had Kenny G play for me. Maybe if I could have an interview with God, then I'd be served. I'd be complete."

#20
Registered User
Join Date: Nov 2001
Location: Here
My school had to set up new filters today to block all image attachments because the server was getting hit with so many emails.

#21
Hall Of Famer
Join Date: Nov 2000
Location: Behind Enemy Lines in Athens, GA
While we're on the subject, what the heck (other than an extension that's connected to this virus) is a .pif or .src file anyway?
__________________
"I lit another cigarette. Unless I specifically inform you to the contrary, I am always lighting another cigarette." - from a novel by Martin Amis

#22
Norm!!!
Join Date: Nov 2000
Location: Manassas, VA
Quote:
.PIF = Program Information File
.SRC = A file used in the creation of .INI files for configuration settings.

#23
Morgado's Favorite Forum Fascist
Join Date: Oct 2000
Location: Greensboro, NC
Yeah....I'm up to three or four per hour now.
__________________
The media don't understand the kinds of problems and pressures 54 million come wit'!

#24
Banned
Join Date: Oct 2000
Location: California
I haven't got one.
Having good ol' Norton check each and every e-mail that comes my way sure helps. If it's a virus infected message, Norton chucks it.

#25
General Manager
Join Date: Oct 2000
Location: The Satellite of Love
mrskippy, nobody likes you, so you're not in anyone's address book. That's why you haven't gotten one.

#26
College Starter
Join Date: Aug 2001
Location: SE
I've gotten roughly 50-60 in the last day.
__________________
GM RayCo Raiders-est. 2004-2012 Charter member of the IHOF-RayCo GM GM Tennessee Titans PFL 2011-2014 GM Tennessee Titans FOWL 2020-2025

#27
Banned
Join Date: Oct 2000
Location: California
Quote:
I'm in lots of address books.

#28
Head Coach
Join Date: Oct 2000
Location: Colorado
How does our village idiot keep causing so much loss of brain cells?

#29
Banned
Join Date: Oct 2000
Location: California
Quote:
How come you don't know how to type?

#30
Pro Rookie
Join Date: Dec 2001
Location: VA
Quote:
Loss of said brain cells.
__________________
Chicago Eagles 2 time ZFL champions We're "rebuilding"

#31
Banned
Join Date: Oct 2000
Location: California
If you guys are getting this many virus hits you may want to check your virus definitions. And make sure Norton is set to kill.

#32
Banned
Join Date: Oct 2000
Location: California
Dola.
I shouldn't say I haven't got any. I just never see them. Because of the way my settings are. According to my logs I've got several dozen. Oh, and I've also got something even better, Denial Of Service attacks on my PC.

#33
Hall Of Famer
Join Date: Nov 2000
Location: The State of Insanity
What it does is: takes an affected machine, and scans their Outlook box and all their cached web pages for email addresses.
It "spoofs" (or pretends to be) one of the email addresses and sends out to all the other emails it can find. So do NOT report such email, they're just an innocent bystander
__________________
Check out Foz's New Video Game Site, An 8-bit Mind in an 8GB world! http://an8bitmind.com

#34
Head Coach
Join Date: Oct 2000
Location: Colorado
Three pieces of advice:
1. Install a router with a hardware firewall (not a software firewall).
2. Switch to a more secure email account that can actively block most things (like AT&T).
3. Keep up with the Windows Update.
As long as you don't do something stupid with any emails that do come through or download any crap, you don't even need a virus checker if you follow the three pieces of advice above. It's good to have one just in case but it's better to stop the disease before it hits than to treat the problem it can cause.

#35
Banned
Join Date: Oct 2000
Location: California
That's good advice Buc. I've got a firewall on my router, then I've got Norton Internet Security. I have Windows automatically update on its own. And I have Norton Antivirus. The Norton software is kept up to date, as are the definitions.
The one thing from what I understand is this or another current virus tries to do port scans for the purpose of doing a denial of service attack. This is what I was getting over the weekend. Fortunately my dual firewall stopped it. I was reading last night that because of all these viruses of the past week or two the Internet has at times slowed down and it's been tough to reach certain sites.

#36
Morgado's Favorite Forum Fascist
Join Date: Oct 2000
Location: Greensboro, NC
Ummmm....BAD IDEA!!! If I installed a firewall and blocked everything, then I'd never know which of the soccer moms in my community that I'd never want to hire as my part-time secretary or do volunteer data entry in my office!!! When I get a virus e-mail from one of 'em (a whole bunch from said soccer moms today), I just cross 'em off the call list.
__________________
The media don't understand the kinds of problems and pressures 54 million come wit'!

#37
Banned
Join Date: Oct 2000
Location: California
Those pesky soccer moms!!!
Rule #1: Never let women open e-mail. They'll open anything.
You don't have to set the firewall to block everything. For example, I give it full permission to treat this site as "friendly" meaning that SkyDog could install malicious script on this forum and the firewall would allow it.

#38
Morgado's Favorite Forum Fascist
Join Date: Oct 2000
Location: Greensboro, NC
Dola.....
I also cross them off the list when I get a "if you are not ashamed of Jesus, then you'll forward this message along to at least 10 people" e-mail. No thank you, very much. If you love Jesus, you'll live a life that honors him and speaks of his presence in your life. You'll love others into the Kingdom of God, not attempt to annoy them into the Kingdom.
__________________
The media don't understand the kinds of problems and pressures 54 million come wit'!
Last edited by Ben E Lou : 08-20-2003 at 07:38 PM.

#39
Banned
Join Date: Oct 2000
Location: California
Quote:
I hate chain e-mail!!!

#40
College Benchwarmer
Join Date: Jun 2001
Location: Grafton, WI
Quote:
LOL. Love this quote. I think I might pass this along to our pastor. I think he will get a big kick out of it.

#41
Head Coach
Join Date: Dec 2002
Location: Maryland
Are you saved yet?
Yes. Are you saved yet? Yes. Are you saved yet? YESSSSS!

#42
Banned
Join Date: Oct 2000
Location: California
Quote:
One of the Jerusalem Post columnists had an interesting piece the other day about the relationship between Jews and Christians in the defense of Israel in its fight with the Arabs. Basically it talked about how some Jews believe Christians side with Israel because they want to see the end time battle. And how other Jews merely say the Christians are just out to convert them. But the author of the article went on to say there are many Christians who lay down the idea of conversion and just trying to bring on the end of the world in favor of just doing the right thing, admitting that Israel is the land God gave to the Jews. Amazing how just being yourself can have on improving relations. The writer did a very nice job. Unfortunately the story is only available through paid archives now or I would link to it. It was only from last Friday, which surprises me since most news sites keep it free for a week. If I can find it, I'll link to it. It's really an excellent read.

#43
High School JV
Join Date: May 2002
Location: Travis AFB, CA
How come I never get emails like this... can it be that AOL filters this out ... I am on an AOL addy

#44
Hall Of Famer
Join Date: Sep 2002
Location: Troy, Mo
DO NOT forget this link either:
Microsoft office product updates
1. Update virus updates weekly, if you have NAV do this on Wednesday as this is the day new virus updates come out unless a major virus pops up.
2. Run Microsoft windows update at least once a week and install ALL security updates.
3. Run the link above to make sure all your office products are up to date.
As posted before, use a firewall if you have cable or DSL. A router usually has a built in firewall, ie: Linksys. Disable file and printer sharing on your network connection, especially if you're a single pc user at home and use cable or DSL. Read the book I just mentioned above, it really has some insight on how viruses make it onto your pc.
Todd

#45
Banned
Join Date: Oct 2000
Location: California
Quote:
There is a feature in Windows Update where you can have it automatically search for and download updates. When these updates are ready to install, a little Icon will appear in the task manager/bar thing in the lower right corner. And a little bubble will pop up saying new updates are ready. Sometimes it goes awhile without a critical update. Other times, like it is now with these viruses and security flaws, it's more frequent. However, you'll still need to use Windows Update for those non-critical updates. But you don't need to run that as often. Usually these are for new versions of IE, Media Player, Messenger, etc., drivers, or other non-essential items. The critical updates are the most important thing.

#46
Hall Of Famer
Join Date: Sep 2002
Location: Troy, Mo
I hate having Windows do anything on its own. It's a regular process for me on Saturday mornings and with DSL only takes about 5 mins.
1, 2, 3, done.
Todd