Re: Bounce e-mails

If SoBig is similar to most of the past viruses, they use the from address from somebody in the victim's Outlook address book. This way you can't trace who it's coming from. The best bet is to look at the IP address it came from. You can then find out which ISP it came from. By notifying the ISP of the email date, time, and IP they can determine who sent it.

Reply to
Normen Strobel

They aren't from you, unless you are infected. The latest viruses have their own SMTP software and can pluck addresses from all over an infected person's system and then build a message from those addresses. Someone that has your email address on their system is infected and the virus is using your address as a "From" address.

Jim

Reply to
James Beck

Not being very computer literate I won't say what is or is not, but this is a true experience. I have always had Norton on this computer. About 6 months ago, AOL shut me down. They gave me a phone number and I made a call. Seems there was some kind of plant in my computer to send out all kinds of email from my computer via a *trojan horse.* Regular Norton had not caught such a plant. Well after a short bit that all got cleared up and I downloaded another system of International Internet Security. Every so often it alerts me to the fact that backdoor entry was attempted but blocked. Good thing is that I can trace the ISP numbers right to not only the ISP but right to the source. Bad thing, it sometimes screws over something I want to do.

I have had hits from all over the Far East, Korea, Thailand, etc., etc., San Francisco, Seattle, DCA, Germany and Los Angeles. This computer age may be the greatest thing, however I could live without it.

I no longer keep any significant financial numbers in my data bases. I don't know and ain't gonna' *larn* enough to protect all that stuff electronically. Jus' keep it in the house where it is protected by a whole lot of big-hole makers.

Reply to
CainHD

Yes. So many, in fact, that the blizzard of bounce messages is creating problems almost as big as the Sobig virus itself.

Yes.

Sobig uses fake From: addresses when it mails itself out. Because of that, bounce messages go to the wrong person.

They aren't.

If someone gets a copy of Sobig from snipped-for-privacy@bar.com, the one thing you can be sure of is it did *not* originate from snipped-for-privacy@bar.com. Unfortunately, antivirus autoresponders are too dumb to know that, and will cheerfully send a message to poor foo, who has no idea what's going on.

Reply to
Tacit

The SoBig virus is a PITA. Before I figured out how to stop it, I received about 300 messages, some from people incorrectly telling me that I was sending it out. I used Spamcop to break down one of the emails and extracted the originating IP address. The program even put a name with the address and it was a simple matter to notify the network admin of that site. In this particular case, all 300 copies of this virus were coming from the same source, a wireless network with a high speed connection to the 'net. The owner had no clue his systems were infected.

Good Luck
Bill

Reply to
me
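An added example (not part of any post in this thread) of the header check described above: ignore the forged From: line and read the Received: chain, trusting only hops stamped by your own mail servers. The message, host names, and addresses are constructed for illustration, and `trace_handoff` is a hypothetical helper.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample: a worm copy with a forged From: and one forged Received: line.
SAMPLE = """\
Received: from gw.recipient.example (gw.recipient.example [10.0.0.5])
    by mbox.recipient.example with ESMTP id A1; Tue, 26 Aug 2003 10:15:02 -0400
Received: from bar.example (unknown [203.0.113.77])
    by gw.recipient.example with SMTP id B2; Tue, 26 Aug 2003 10:14:58 -0400
Received: from mail.bar.example ([192.0.2.10])
    by smtp.bar.example; Tue, 26 Aug 2003 10:14:00 -0400
From: foo@bar.example
To: red@recipient.example
Subject: Re: Details

See the attached file for details
"""

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def trace_handoff(raw, trusted_hosts):
    """Return the IP and timestamp recorded where the mail entered trusted servers."""
    msg = email.message_from_string(raw)
    found = None
    for value in msg.get_all("Received", []):      # newest hop first
        hop = " ".join(value.split())              # unfold continuation lines
        by = re.search(r"\bby\s+([^\s;]+)", hop)
        if not by or by.group(1).lower() not in trusted_hosts:
            break                                  # below here the sender controls the text
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", hop)
        if not ip:
            continue
        try:
            addr = ipaddress.ip_address(ip.group(1))
        except ValueError:
            continue
        if any(addr in net for net in INTERNAL):
            continue                               # hop between our own machines
        _, sep, stamp = hop.rpartition(";")
        found = {"ip": str(addr), "stamped_by": by.group(1),
                 "when": parsedate_to_datetime(stamp.strip()) if sep else None,
                 "claimed_from": msg["From"]}      # forged; keep only for reference
    return found

if __name__ == "__main__":
    print(trace_handoff(SAMPLE, {"mbox.recipient.example", "gw.recipient.example"}))
```

The IP, date, and time it returns are the three items the ISP or network admin needs in an abuse report; the `claimed_from` value tells you nothing about the infected machine.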

Yea, Red. It's the virus. It grabs your screen name from an infected user's mailbox and replicates it. Not much you can do about it.

Dr.1 Driver "There's a Hun in the sun!"

Reply to
Dr1Driver

Took a long time to hit you Red.

Yup. What happens is that someone who knows you gets infected, and the worm sends pretending to be you (or anyone else on the infected address list).

Then loads of messages that are to people he put in wrong, or have ceased to exist, or whose systems have virus scanners are bounced back to YOU.

With luck, your system will bounce these as having virus messages, and you end up with an internet full of bouncing e-mails, whilst the ones that do get through infect other people's systems and cause even more mayhem.

Neat trick huh?

Reply to
The Natural Philosopher

The best thing to do is ditch Outlook Express on YOUR system, and use something like a NAT proxy firewall to the 'net. It won't stop you being bombarded with other people's bounces, but at least you won't get infected yourself, if you run a decent antivirus and keep it up to date.

Reply to
The Natural Philosopher

Don't know how much it helps, but I have 'mailwasher' as a screener between the servers and my mailbox. It is trainable and I can create filters to get rid of addresses and domains..... so far, it has eased the spam problem noticeably. And right now, I'll get 25 messages which it gleans down to about 5 (which are legit), so it is kicking out 80% of the messages that normally would hit my inbox..... and it does it with a click of the button, or has an automatic setting... I think it works pretty well.

Reply to
arnereil

I hope they make an example of the creep! And when they get him, go after the sobig SOB.

Red S.

Reply to
Red Scholefield

Most all resources spent on developing computers have gone into making them convenient, fun, and very useful. The lack of resources spent up front by hardware and software developers is coming back to bite them in the butt. Us too!

Bob

Reply to
Bob Adkins

Using good e-mail and AV programs helps prevent you from infecting others.

Using a little Freeware called "Sobig Stopper" catches 99.9% of the ones sent to you. It catches them at the server, and kills them. It keeps stats. I have gotten as many as 300 per day. 2 friends got 600 and 1200 in 24 hours.

Bob

Reply to
Bob Adkins

I am using NAV Corporate and Outpost Pro. No virus has got through since installing these. It stops over 10,000 port scans and hack attempts a day.

Shame is, most people have no idea how many times their computer is scanned while online! I should post the last 10 minutes of port scans attempted and shock most of you!

Reply to
Paul McIntosh

It looks like they found an 18-year-old nerd who modified the virus and resent it. I don't think they found the original virus writer. Either way I see jail time as a good punishment.

Reply to
Normen Strobel

I got a better idea! How about sitting him at a terminal and fixing everything that he harmed! A few decades doing mundane data work should cure him!

Reply to
Paul McIntosh

With his tongue!

Reply to
Six_O'Clock_High
