Re: Bounce e-mails

If SoBig is similar to most of the past viruses, they use the from address from somebody in the victim's Outlook address book. This way you can't trace who it's coming from. The best bet is to look at the IP address it came from. You can then find out which ISP it came from. By notifying the ISP of the email date, time, and IP they can determine who sent it.
--
Normen Strobel
snipped-for-privacy@zoominternet.nospam.net
snipped-for-privacy@bellsouth.net says...

They aren't from you, unless you are infected. The latest viruses have their own SMTP software and can pluck addresses from all over an infected person's system and then build a message from those addresses. Someone that has your email address on their system is infected and the virus is using your address as a "From" address.
Jim

Not being very computer literate I won't say what is or is not, but this is a true experience. I have always had Norton on this computer. About 6 months ago, AOL shut me down. They gave me a phone number and I made a call. Seems there was some kind of plant in my computer to send out all kinds of email from my computer via a *trojan horse.* Regular Norton had not caught such a plant. Well after a short bit that all got cleared up and I downloaded another system of International Internet Security. Every so often it alerts me to the fact that backdoor entry was attempted but blocked. Good thing is that I can trace the isp numbers right to not only the ISP but right to the source. Bad thing it sometimes screws over something I want to do.
I have had hits from all over the Far East, Korea, Thailand, etc., etc. San Francisco, Seattle, DCA, Germany and Los Angeles. This computer age may be the greatest thing, however I could live without it.
I no longer keep any significant financial numbers in my data bases. I don't know and ain't gonna' *larn* enough to protect all that stuff electronically. Jus' keep it in the house where it is protected by a whole lot of big-hole makers.
On 28 Aug 2003 21:41:23 GMT, snipped-for-privacy@aol.com (CainHD) wrote:

Most all resources spent on developing computers have gone into making them convenient, fun, and very useful. The lack of resources spent up front by hardware and software developers is coming back to bite them in the butt. Us too!
Bob

Yes. So many, in fact, that the blizzard of bounce messages is creating problems almost as big as the Sobig virus itself.

Yes.
Sobig uses fake From: addresses when it mails itself out. Because of that, bounce messages go to the wrong person.

They aren't.
If someone gets a copy of Sobig from snipped-for-privacy@bar.com, the one thing you can be sure of is it did *not* originate from snipped-for-privacy@bar.com. Unfortunately, antivirus autoresponders are too dumb to know that, and will cheerfully send a message to poor foo, who has no idea what's going on.
--
Rude T-shirts for a rude age: http://www.villaintees.com
Art, literature, shareware, polyamory, kink, and more:
The SoBig virus is a PITA. Before I figured out how to stop it, I received about 300 messages, some from people incorrectly telling me that I was sending it out. I used Spamcop (www.spamcop.net) to break down one of the emails and extracted the originating IP address. The program even put a name with the address and it was a simple matter to notify the network admin of that site. In this particular case, all 300 copies of this virus were coming from the same source, a wireless network with a high speed connection to the 'net. The owner had no clue his systems were infected.
Good Luck
Bill
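
The header reading described in the first post and in the one above (ignore the forged From:, find the IP address that handed the message to your own provider, report it with the date and time), as an added example that is not part of any post in this thread. The message, host names and addresses are constructed, and `example.net` stands in for the recipient's own mail provider.

```python
import email
import ipaddress
import re

# Constructed sample message: forged From:, a sender-supplied (untrustworthy)
# Received line at the bottom, and two hops stamped by the recipient's provider.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [10.0.0.5])
\tby mailstore.example.net with ESMTP id A1; Thu, 28 Aug 2003 21:40:02 +0000
Received: from pc-17 (dsl-45.isp.example [203.0.113.45])
\tby mx.example.net with ESMTP id B2; Thu, 28 Aug 2003 21:40:01 +0000
Received: from mail.bar.example ([198.51.100.9])
\tby relay.bar.example; Thu, 28 Aug 2003 21:39:00 +0000
From: foo@bar.example
To: reader@example.net
Subject: Re: Details

See the attached file for details
"""

RECEIVED = re.compile(r"from\s.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>[^\s;]+)", re.S)
# Explicit list: the sample uses documentation ranges, which ip.is_private also flags.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def handoff(raw_message, trusted_domain):
    """Return (ip, timestamp) of the outside host that connected to our servers.

    Received lines are read newest-first. Only lines stamped by a host in
    trusted_domain are believed; everything below the first external hand-off
    was supplied by the sender and may be forged, like the From: address.
    """
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        m = RECEIVED.search(header)
        by = m.group("by").lower() if m else ""
        if by != trusted_domain and not by.endswith("." + trusted_domain):
            return None  # left the trusted chain before any external hop
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            return None  # malformed address literal
        if any(ip in net for net in INTERNAL):
            continue  # internal relay inside the provider, keep walking down
        return str(ip), header.rsplit(";", 1)[-1].strip()
    return None

if __name__ == "__main__":
    print(handoff(SAMPLE, "example.net"))
```

The returned address and timestamp are what an abuse report to the ISP needs; the `bar.example` hop and the From: line are never consulted.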


Yea, Red. It's the virus. It grabs your screen name from an infected user's mailbox and replicates it. Not much you can do about it.
Dr.1 Driver "There's a Hun in the sun!"
Dr1Driver wrote:

The best thing to do is ditch Outlook Express on YOUR system, and use something like a NAT proxy firewall to the 'net. It won't stop you being bombarded with other people's bounces, but at least you won't get infected yourself, if you run a decent antivirus and keep it up to date.

On 28 Aug 2003 22:49:33 GMT, snipped-for-privacy@aol.com (Dr1Driver) wrote:

Using good e-mail and AV programs helps prevent you from infecting others.
Using a little Freeware called "Sobig Stopper" catches 99.9% of the ones sent to you. It catches them at the server, and kills them. It keeps stats. I have gotten as many as 300 per day. 2 friends got 600 and 1200 in 24 hours.
Bob
I am using NAV Corporate and Outpost Pro. No virus has got through since installing these. It stops over 10,000 port scans and hack attempts a day.
Shame is, most people have no idea how many times their computer is scanned while online! I should post the last 10 minutes of port scans attempted and shock most of you!
--
Paul McIntosh
Desert Sky Model Aviation
Red Scholefield wrote:

Took a long time to hit you Red.
Yup. What happens is that someone who knows you gets infected, and the worm sends pretending to be you (or anyone else on the infected address list).
Then loads of messages that are to people he put in wrong, or have ceased to exist, or whose systems have virus scanners are bounced back to YOU.
With luck, your system will bounce these as having virus messages, and you end up with an internet full of bouncing e-mails, whilst the ones that do get through infect other people's systems and cause even more mayhem.
Neat trick huh?

Don't know how much it helps, but I have 'mailwasher' as a screener between the servers and my mailbox. It is trainable and I can create filters to get rid of addresses and domains..... so far, it has eased the spam problem noticeably. And right now, I'll get 25 messages which it gleans down to about 5 (which are legit), so it is kicking out 80% of the messages that normally would hit my inbox..... and it does it with a click of the button, or has an automatic setting... I think it works pretty well.
--
.
Arne, CT, USA
.

"The Natural Philosopher" < snipped-for-privacy@b.c> wrote in message
I hope they make an example of the creep! And when they get him, go after the sobig SOB.
Red S.

It looks like they found an 18-year-old nerd who modified the virus and resent it. I don't think they found the original virus writer. Either way I see jail time as a good punishment.
--
Normen Strobel
snipped-for-privacy@zoominternet.nospam.net
I got a better idea! How about sitting him at a terminal and fixing everything that he harmed! A few decades doing mundane data work should cure him!
--
Paul McIntosh
Desert Sky Model Aviation
With his tongue!

