If SoBig is similar to most of the past viruses, they use the from address
from somebody in the victim's outlook address book. This way you can't
trace who it's coming from. The best bet is to look at the IP address it
came from. You can then find out which ISP it came from. By notifying the
ISP of the email date, time, and IP they can determine who sent it.
THey aren't from you, unless you are infected. The latest viruses have
their own SMTP software and can pluck addresses from all over an
infected person system and then builds a message from those addresses.
Someone that has your email address on their system is infected and the
virus is using your address as a "From" address.
Not being very computer literate I won't say what is or is not, but this is a
I have always had Norton on this computer. About 6 months ago, AOL shut me
down. They gave me a phone number and I made a call. Seems there was some kind
of plant in my computer to send out all kinds of email from my computer via a
*trojan horse.* Regular Norton had not caught such a plant.
Well after a short bit that all got cleared up and I downloaded another system
of International Internet Security.
Every so often it alerts me to the fact that backdoor entry was attempted but
blocked. Good thing is that I can trace the isp numbers right to not only the
ISP but right to the source. Bad thing itsometimes screws over something I want
I have had hits from all over the Far East, Korea, Thialand, etc.etc. San
Francisco, Seattle, DCA, Germany and Los Angles.
This computer age may be the greatest thing, however I could live without it.
I no longer keep any significant financial numbers in my data bases. I don't
know and ain't gonna' *larn* enough to protect all that stuff electronically.
Jus' keep it in the house where it is protected by a whole lot of big-hole
On 28 Aug 2003 21:41:23 GMT, email@example.com (CainHD) wrote:
Most all resources in spent on developing computers have went into making
them convenient, fun, and very useful. The lack of resources spent up front
by hardware and software developers is coming back to bite them in the butt.
Yes. So many, in fact, that the blizzard of bounce messages is creating
problems almost as big as the Sobig virus itself.
Sobig uses fake From: addresses when it mails itself out. Because of that,
bounce messages go to the wrong person.
If someone gets a copy of Sobig from firstname.lastname@example.org, the one thing you can be sure
of is it did *not* originate from email@example.com. unfortunately, antivirus
autoresponders are too dumb to kow that, and will cheerfully send a message to
poor foo, who has no idea what's going on.
Rude T-shirts for a rude age: http://www.villaintees.com
Art, literature, shareware, polyamory, kink, and more:
The SoBig virus is a PITA. Before I figured out how to stop it, I received
about 300 messages, some from people incorrectly telling me that I was
sending it out. I used Spamcop to break down one of the emails and
extracted the originating IP address (www.spamcop.net) The program even put
a name with the address and it was a simple matter to notify the network
admin of that site. In this particular case, all 300 copies of this virus
were coming from the same source, a wireless network with a high speed
connection to the 'net. The owner had no clue his systems were infected.
The best thing to do is ditch Outlook express on YOUIR system, and use
something like a NAT proxy firewall to teh 'net. It won't stop you being
bombarded with other peoples bounces, but at least you won;t get
infected yourself, if you run a decent antivirus and kleep it up to date.
On 28 Aug 2003 22:49:33 GMT, firstname.lastname@example.org (Dr1Driver) wrote:
Using good e-mail and AV programs help prevent you from infecting others.
Using a little Freeware called "Sobig Stopper" catches 99.9% of the ones
sent to you. It catches them at the server, and kills them. It keeps stats.
I have gotten as many as 300 per day. 2 friends got 600 and 1200 in 24
I am using NAV Corporate and Outpost Pro. No virus has got through since
installing these. It stops over 10,000 port scans and hack attempts a day.
Shame is, most people have no idea how many times their computer is scanned
while online! I should post the last 10 minutes of port scans attempted and
shock most of you!
Took a long time to hit you Red.
Yup. haty happens is that someone who knows you gets infected, and the
worm sends pretending to be you (or anyone else on teh infected adress
Then loads of messages that are to people he put in wrong, or have
ceased to exist, or whose systems have virus scanners are bounced back
With luck, your system will bounce thse as having vurus mesages, and you
end up with an internet full of bouhcing e-mails, whilst the ones that
do get through infect other peoples systems and cause even more mayhem
Neat trick huh?
Don't know how much it helps, but i have 'mailwasher' as a screener between
the servers and my mailbox. It is trainable and i can create filters to get
rid of addresses and domains..... so far, it has eased the spam problem
noticeably. And right now, i'll get 25 messages which it gleens down to
about 5 (which are legit), so it is kicking out 80% of the messages that
normally would hit my inbox..... and it does it with a click of the button,
or has an automatic setting... I think it works pretty well.
Arne, CT, USA
"The Natural Philosopher" < email@example.com> wrote in message
Polytechforum.com is a website by engineers for engineers. It is not affiliated with any of manufacturers or vendors discussed here.
All logos and trade names are the property of their respective owners.