Microsoft Virus Spam: SoBig.F
If you're being barraged with Microsoft virus spam emails today, this story notes that it's a flare-up of an older Microsoft virus in a new, improved form. Yay for trustworthy computing.
If you set your score for MICROSOFT_EXECUTABLE high enough, these emails with their .pif attachments get sent right to /dev/null.
Here in Norway it seems as if "everyone" has got SoBig.F or is getting annoyed with fake emails from someone who has it.
This virus is just a little variation of an older virus, but it differed enough from the older iterations that anti-virus software didn't detect it.
The virus provider Norman reckons that a big organization in Norway was hit early and that this caused the big numbers here: Norway accounts for 36% of the outbreaks of this virus in the world, which is exceptional when you know that only 4 million people live here.
NO MORE GOODTIMES!
There's a new virus that will re-write your hard drive. Not only that, but it will scramble any disks that are even close to your computer. It will recalibrate your refrigerator's coolness setting so all your ice cream goes melty. It will demagnetize the strips on all your credit cards, screw up the tracking on your television and use subspace field harmonics to scratch any CDs you try to play.
It will give your ex-girl or boyfriend your new phone number. It will mix Kool-aid into your fishtank. It will drink all your wine and leave its socks out on the coffee table when there's company coming over. It will put a dead squirrel in the back pocket of your good pants and hide your car keys when you are late for work.
Goodtimes will make you fall in love with a penguin. It will give you nightmares about circus midgets. It will pour sugar in your gas tank and shave off both your eyebrows while dating your girl or boyfriend behind your back and billing the dinner and hotel room to your Discover card.
It will seduce your grandmother. It does not matter if she is dead; such is the power of Goodtimes. It reaches out beyond the grave to sully those things we hold most dear.
It moves your car randomly around parking lots so you can't find it. It will kick your dog. It will leave libidinous messages on your boss's voice mail in your voice! It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve.
Goodtimes will give you Dutch Elm disease. It will leave the toilet seat up. It will make a batch of Methamphetamine in your bathtub and then leave bacon cooking on the stove while it goes out to chase gradeschoolers with your new snowblower.
Goodtimes will prompt your mother to call on Friday and Saturday nights for two months after you make a new girlfriend/boyfriend. It will place your wallet and keys on an obscure shelf in the basement. It will emulate your face and stare into the neighbor's bathroom window.
Goodtimes has been linked to cancer in laboratory mice. 9 out of 10 dentists recommend Goodtimes.
Goodtimes will make your bloomers shrink two sizes, and it will make you gain 15 pounds. If this results in a wedgie, then Goodtimes will leave a nasty skid mark.
... there's an ad for MS Small Business Server 2003 at the top of the article.
It's like advertising space on a blue screen.
I should have mentioned this in my last post... if you've got the SoBig.F virus, F-Secure has posted a free fix here:
ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.e
We certainly got hammered for a good part of today from a university down south who shall remain anonymous. Contacted their IT/infrastructure department and was told that one of their mail servers got used as a relay, and nobody found out about it until a few hours ago. If I were them I would have shut down their MTA and flushed the queue a long time ago, but that's just me...
I just received one of these today from webmaster@match.com. But I received it on my Hotmail account.
And seeing how Hotmail proudly proclaims on every message:
"Notice: Attachments are automatically scanned for viruses using McAfee Security"
we'll be getting a lot of Hotmail users opening it to take a peek.
I'm not seeing very many messages with SOBIG, as they get filtered at the mail server.
However, the large number of "Your message to xyz@zyx.com contained a virus" is filling my mail spool faster than any spammer. Seems one of my email addresses is a popular one to spoof.
CALL TO ADMINS: Please turn off viral notifications to outside addresses. These days most of the envelope addresses are spoofed, so you're not doing any good leaving the notification in place.
And I thought joe-jobbing was bad.
I'm interested to see if is updated to include info on -f. The -e article was a good eye-opener.
In Soviet Russia... michael would be rotting in Siberia!
OTOH, we could replace the Bill-as-Stephen-Hawking with the bug icon, and no-one would care ;-)
Sobig.B appeared on 2003 May 19 and was programmed to deactivate on May 31.
Sobig.C appeared on 2003 June 01 and was programmed to deactivate on June 08.
Sobig.D appeared on 2003 June 18 and was programmed to deactivate on July 02.
Sobig.E appeared on 2003 June 09 and was programmed to deactivate on July 14.
Sobig.F appeared on 2003 Aug 19 and was programmed to deactivate on Sept 10.
It seems like the Sobig release schedule is more consistent and on-time than ... well ... the software release schedules of a major company we love to hate ;-)
Starting with Office XP you'll see that Outlook automatically blocks attachments ending in PIF, BAT, EXE, etc. This is an absolute that can only be modified through admin policies out in an Exchange folder.
If you are looking for this type of deal I *think* Outlook 2000 has a service pack that installs the attachment blocking.
Hope this helps!
Because of course they're running anti-virus software. And of course the definitions have never ever been updated.
These same people decide when their PC is two years old that it's just "too screwed up" and go buy a brand-spanking-new one with the same flaws, which they will proceed to bugger up in a month and a half.
I wouldn't last a week in tech support.
Won't work. Dumb people are incapable of a realistic self-evaluation. Here's why.
...that just because you're not using Outlook or Outlook Express, you still may be vulnerable to worms or email viruses?
All it takes is one user to click the attachment who has an LDAP-enabled address book of the entire company, and poof! you're screwed.
The only sensible way to kill these worms is to block them at the mail server. If you block them at the mail server, you don't have to try to train people or keep hundreds of anti-virus clients up-to-date. Do yourself a favor and set up XWall if you have Exchange (this is about the coolest spam-blocker/email filter program I have ever used, BTW) or SpamAssassin/MailScanner if you have Linux/UNIX. This will save you a ton of headaches in the future, and won't require you to worry about hundreds of clients being up-to-date as much as focusing on whether a few email servers are up-to-date. (Block the standard Microsoft "bad executable" list and you should be fine.)
Seriously, in the year 2003, there's no excuse for "But my 400 clients weren't up-to-date!" Block these things at the server, which is something you as the network administrator should have complete control over, and which is where the worms should have been blocked to begin with.
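As an added example (my own code, not the poster's and not part of XWall, SpamAssassin or MailScanner), here is the gateway-side check this comment is arguing for, in Python: walk every MIME attachment, drop the Outlook-style executable extensions, catch a PE payload hiding behind a harmless-looking name, and discard rather than bounce, since as another poster notes the envelope sender is almost always spoofed. The extension list and the sample message are constructed for the example.

```python
import email
from email import policy

# Subset of the Outlook "Level 1" blocked-attachment extensions the thread
# refers to (constructed for this example, not the official list).
BLOCKED_EXTENSIONS = {"pif", "bat", "exe", "com", "scr", "vbs", "cmd", "js"}

def is_pe_payload(data: bytes) -> bool:
    """DOS/PE executables start with the 'MZ' magic, whatever the file is named."""
    return data[:2] == b"MZ"

def scan_message(raw: bytes) -> dict:
    """Return the attachment names that trip a rule and the gateway action:
    'discard' (never bounce, since the envelope sender is nearly always
    forged) or 'deliver'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    blocked = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:  # container parts and the text body carry no filename
            continue
        # Only the last extension counts: "report.txt.pif" is still a .pif.
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS or is_pe_payload(payload):
            blocked.append(name)
    return {"blocked": blocked, "action": "discard" if blocked else "deliver"}

# Constructed sample: a Sobig-style mail with a forged From: and a .pif
# attachment whose body is just a 4-byte "MZ" stub, not a real program.
SAMPLE = b"""From: webmaster@example.com
To: victim@example.org
Subject: Re: Details
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached file for details.
--b1
Content-Type: application/octet-stream; name="your_details.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="your_details.pif"

TVqQAA==
--b1--
"""
```

Wire `scan_message` into the MTA's content filter hook and log the discarded names instead of generating a notification to the (forged) sender.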
And in other news... Microsoft announced today that, thanks to a Bill Gates Declaration From On High (tm), every line of code in every Microsoft product, dating back to the company's foundation, has magically, spontaneously, and retroactively fixed itself. This has rendered all of Microsoft's code absolutely secure and error-free. And thanks to the mystical nature of these fixes, end users and sysadmins don't have to patch their systems!
Grow up, Michael.
That's just the thing. This one, like others, uses an extension other than .exe so the user doesn't expect it to be an executable, because, as you say, 'users are used to the whole 8.3 format where executables end with ".exe"'. Some even use holes to hide the payload in files that wouldn't normally have executable code at all.
Showing the MIME types / what the email reader is going to _do_ with it would be much more useful than just displaying the name of the file and telling the user to click on it.
They're educated, usually. Alright, mis-educated.
In their zeal to sell the house, MS gave the keys away.
No application scripting language should be able to perform in an "untrusted" mode. There is no reason for it, but due to functional designs someone at MS came up with, it has to be there. Someone demanded that Office documents integrate into Outlook seamlessly and this is what you get.
No one in any Unix environment will believe this message:
Attached is a perl script with my message in it. Please extract and run it to read it.
However, MS has made a business of making people believe using a computer is as easy and as safe as using a toaster. So you get hackers who can apply a little social engineering to cause a disastrous chain of events. Users are more than happy to click click click away when instructed.
Wow, this must be an old virus if it is written in Fortran.