[Histonet] Worst week for computer virus!
jlinda <@t> ces.clemson.edu
Wed Aug 20 13:03:16 CDT 2003
Having spent all morning eradicating the "So Big" virus and
"Stinging" my PC to clean it, I just wanted to share some info with
you. DO NOT BLAME THE HISTONET OR YOUR COLLEAGUES FOR THE VIRUS.
Stupid me...I thought a vendor had sent me a new movie of their
equipment and tried to open the movie! Bad mistake:-( Anyhow, here is the
web address of a site that should be helpful:
Part of the article is as follows:
Tuesday, August 19, 2003: A new SoBig variant has sprung forth, sending
huge volumes of infected email to thousands of unlucky recipients. Like its
predecessor, SoBig.E, SoBig.F sifts through files on infected users' drives
to obtain email addresses which in turn are sent the worm. SoBig.F also has
the same insidious twist found with SoBig.E. The worm sends itself as if
"From" one of the addresses found on the infected users' system. This not
only leaves an innocent party dealing with angry email accusing them of
sending the worm, but they also must contend with "out of office" replies
and undeliverable notifications for email they never sent.
Sorin Dudea, Head of Virus Research at BitDefender says he has never seen
such fast spreading in such short time: I have colleagues in the commercial
team that have already received thousands of infected e-mails and they just
keep receiving them", Sorin concluded.
In his technical paper, Sobig.e - Evolution of the Worm, Joe analyzed the
workings of the various variants of SoBig, noting the worm's primary goal
was "to create a massive network of anonymous proxy servers for the purpose
of spam." He further speculates, "This is likely a financial endeavor for
the author alone or perhaps in concert with a gang of criminals, supporting
themselves through spamming, identity theft and bank fraud.
Joe attributes this newest release of SoBig.F to the Blaster worm, noting,
"the Blaster worm caused many people to install antivirus software which
detected and removed previous Sobig infections as well. This probably
severely diminished the number of proxy servers installed by the Sobig
worm, forcing the author to re-release to keep the numbers up."
Hope this is helpful!
Linda Jenkins, HT
Dept. of Bioengineering
Clemson, SC 29634-0905
More information about the Histonet