Slashdot Mirror


Microsoft Virus Spam: SoBig.F

If you're being barraged with Microsoft virus spam emails today, this story notes that it's a flare-up of an older Microsoft virus in a new, improved form. Yay for trustworthy computing.

11 of 557 comments

  1. Small norway with largest outbreak by joeykiller · · Score: 5, Interesting

    Here in Norway it seems as if "everyone" has got SoBig.F or is getting annoyed with fake emails from someone who has it.

    This virus is just a little variation of an older virus, but it differed enough from the older iterations so that antivirus software didn't detect it.

    The virus provider Norman reckons that a big organization in Norway has been hit early and that this caused the big numbers here: Norway stands for 36% of the outbreaks of this virus in the world, which is exceptional when you know that only 4 million people live here.

  2. Got hammered... by Vexler · · Score: 5, Interesting

    We certainly got hammered for a good part of today from a university down south who shall remain anonymous. Contacted their IT/infrastructure department and was told that one of their mail servers got used as a relay, and nobody found out about it until a few hours ago. If I were them I would have shut down their MTA and flushed the queue a long time ago, but that's just me...

  3. Editors need to be more honest. by mr_luc · · Score: 4, Interesting

    Look. I hate Microsoft, too.

    But what the fudge does this have to do with trustworthy computing? It's just another email worm, and it relies heavily on user stupidity, much more so than the msblaster worm.

    Let's be honest: Microsoft is an evil company, that forces an evil product on people, and some of us are going to cheer when Microsoft gets hurt and people get nudged towards other operating systems -- whether it's Microsoft's fault, or not.

    Could you just have written "Hey, anything that discourages Windows use!" after the story? I mean, christ, that's exactly what probably a good 90% of people here are thinking when they read these stories.

  4. This one will probably spread real fast by Judg3 · · Score: 5, Interesting

    I just received one of these today from webmaster@match.com. But I received it on my Hotmail account.

    And seeing how Hotmail proudly proclaims on every message:
    "Notice: Attachments are automatically scanned for viruses using McAfee Security"
    we'll be getting a lot of Hotmail users opening it to take a peek.

    --
    Looking for hardware (Currently need: Large Etch-a-Sketch) Have one? See my journal!

  5. Virus notifications are worse by RedHat+Rocky · · Score: 5, Interesting

    I'm not seeing very many messages with SOBIG, as they get filtered at the mail server.

    However, the large number of "Your message to xyz@zyx.com contained a virus" is filling my mail spool faster than any spammer. Seems one of my email addresses is a popular one to spoof.

    CALL TO ADMINS: Please turn off viral notifications to outside addresses. These days most of the envelope addresses are spoofed, you're not doing any good leaving the notification in place.

    And I thought joe-jobbing was bad.

    --
    Anything is possible given time and money.

  6. huge outbreak here by skt · · Score: 4, Interesting

    There has been a very large outbreak here, inside the firewall this morning. This is probably the largest that I can remember, since we do not use Outlook/Outlook Express we seem to dodge the big ones. I didn't even think this looked that bad at first glance, it doesn't really try to exploit any security holes to infect the machine. What got us was that the virus scanners were just old enough not to catch this until it was too late. All it really took was one or two people opening the attachment. The new engine didn't get pushed until at least an hour after the first internal case was discovered. By then though, it had spread so quickly that many other hosts had been infected.

  7. Feh. by American+AC+in+Paris · · Score: 4, Interesting

    I've got a bunch of un-munged addresses floating out there (a lot of my visitors aren't all that tech savvy) all pointing to one box. It's been hitting me since about 8:00 AM EST.

    Fortunately, I use Mail.app, so I can still check my mail with impunity.

    There's a spam/address verification message I saw the other day that was pretty clever, though. Some spammers sent a reasonably official-looking letter with Citibank headers, layout, and images telling people to click a link to view and accept a new ToS, or their checking account would be suspended. The link looked something like this:

    http://www.citibank.com:A78F...(random hex crap)...A812@127.0.0.1/cgi-bin/c.pl?user=youraddress@yourserver.com

    So they were logging you in as user www.citibank.com to server 127.0.0.1 (changed, obviously) and sending your email address to a verification script. Damn clever.

    --

    Obliteracy: Words with explosions
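
The link trick described in the comment above puts a bank-like name in the URL's userinfo field, so the real server is whatever follows the `@`. As an added example (not part of the original thread), this Python sketch flags such links in a message body; the sample message, hostnames and addresses are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)
HOSTLIKE_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_url(url):
    """Return (real_host, reasons); reasons is empty when nothing stands out."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    if parts.username is not None:
        # Everything before '@' in the authority is credentials, not the server.
        reasons.append("userinfo-present")
        if HOSTLIKE_RE.match(parts.username):
            reasons.append("userinfo-looks-like-hostname")
    try:
        ipaddress.ip_address(host)
        reasons.append("host-is-ip-literal")
    except ValueError:
        pass  # host is a name (or empty), not a bare IP address
    return host, reasons


def flag_links(body):
    """Scan a message body; return [(url, real_host, reasons)] for flagged links."""
    flagged = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;)")  # drop trailing sentence punctuation
        host, reasons = inspect_url(url)
        if reasons:
            flagged.append((url, host, reasons))
    return flagged


# Constructed sample message (not taken from the original post).
SAMPLE_BODY = (
    "Please accept the new terms: "
    "http://www.example-bank.com:0A1B2C3D@192.0.2.10/cgi-bin/c.pl?user=someone@example.org\n"
    "Our real site is https://www.example-bank.com/terms.\n"
)

if __name__ == "__main__":
    for url, host, reasons in flag_links(SAMPLE_BODY):
        print(host, reasons, url)
```

The `@` inside the query string does not confuse the parser, because the authority component ends at the first `/`.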

  8. Re:Thank you Spamassassin by vrone · · Score: 5, Interesting

    I wish Mozilla Mail had some setting for this too. Its statistical filtering is great after it's been trained, but it did me no good this morning. By the time I got to work, my inbox had over 5000 new messages. Sure, it's trained now, but I spent over an hour this morning deleting them since I didn't want to delete legit mail too.

    So how did I get 5000 new messages? I know I'm not in the address books of that many people who got infected, so this one must be doing dictionary addressing as well as address book addressing. Since my email address is of the format [first initial][lastname]@[a large company].com, and my last name is very common, I got pummelled. Maybe I should switch to a more obscure address. :)

  9. Bug? by Zog+The+Undeniable · · Score: 5, Interesting

    Shouldn't we have a new /. icon for viruses? They're not bugs, because they generally - Blaster DoS URL cock-up notwithstanding - do exactly what they're supposed to.

    OTOH, we could replace the Bill-as-Stephen-Hawking with the bug icon, and no-one would care ;-)

    --
    When I am king, you will be first against the wall.

  10. Re:Interesting Thing about Sobig... by Jucius+Maximus · · Score: 5, Interesting

    "Just wondering... Why are viruses programmed to deactivate?"

    Built in obsolescence? Maybe the writer always wants you to have the latest version or something. This also reminds me of the recent musings of a software company we love to hate ;-)

  11. How about Trustworthy System Administration? by FilthPig · · Score: 4, Interesting

    Alright Michael! Way to blame MS for a user issue.

    Seriously, there are competent NT admins in the world.

    This should be a no-brainer, but if you run MS systems and you often have problems with worms or virii:

    1. Keep your virus definitions current. This goes double for any laptop users with broadband at home.
    2. More often than not, MS has already released a patch for a security hole before a worm or virus hits. Keep your systems up to date! Again, this goes double for laptop users with broadband.
    3. If you're behind a firewall, and you really should be, only allow outgoing SMTP from your mail server (this keeps the worm from spreading FROM your organization).
    4. If you think you don't have time to do these things, make time. You'll waste a lot more time putting out fires than you will doing some fireproofing.

    --
    We eat the pig and then together we BURN!!!
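
Point 3 in the comment above (outbound SMTP only from the mail server) also gives defenders a detection signal: any other internal host attempting TCP/25 is worth investigating. As an added example (not part of the original thread), this Python sketch summarises such attempts from firewall logs; the log format, the mail server address and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the one internal host permitted to open outbound TCP/25.
MAIL_SERVERS = {"10.1.0.25"}

# Hypothetical firewall log format, invented for this example.
LINE_RE = re.compile(
    r"^\S+ (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def rogue_smtp_senders(lines, mail_servers=MAIL_SERVERS):
    """Summarise outbound SMTP attempts from hosts that are not mail servers."""
    hits = defaultdict(lambda: {"allowed": 0, "denied": 0, "destinations": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25" or m["src"] in mail_servers:
            continue  # unparsable, not SMTP, or the sanctioned relay
        entry = hits[m["src"]]
        entry["allowed" if m["action"] == "ALLOW" else "denied"] += 1
        entry["destinations"].add(m["dst"])
    return {
        src: {**e, "destinations": sorted(e["destinations"])}
        for src, e in hits.items()
    }


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """
2003-08-19T09:14:02 ALLOW TCP 10.1.0.25:40112 -> 198.51.100.7:25
2003-08-19T09:14:05 DENY TCP 10.1.4.23:1043 -> 198.51.100.7:25
2003-08-19T09:14:05 DENY TCP 10.1.4.23:1044 -> 203.0.113.9:25
2003-08-19T09:14:09 ALLOW TCP 10.1.4.23:1050 -> 203.0.113.80:80
2003-08-19T09:14:11 ALLOW TCP 10.1.7.77:2211 -> 203.0.113.9:25
malformed line
"""

if __name__ == "__main__":
    for src, info in rogue_smtp_senders(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

A host with only `denied` hits shows the egress rule working and points at a machine to clean up; any `allowed` hit from a non-mail-server means the rule is missing or has a gap.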