
Some kind of new friggin' virus using emails from websites...

Posted: Tue Aug 19, 2003 2:37 pm
by FlyingPenguin
I just checked my mail and I've got 140 bounced emails that contain viruses. Return addresses are all from websites I've designed.

Looks like there's a new virus that culls emails from websites that's doing mass mailings this week.

Joy.

I was already in the process of replacing emails on websites with contact forms before this started because spammers also do this, but I've NEVER seen anything like this.

------
EDIT
------

Yup new one, just came out. Here's the poop: http://securityresponse1.symantec.com/s ... .f@mm.html

I'm up to 200 emails now, most sent to my old webmaster email that's still posted on some websites.

Posted: Tue Aug 19, 2003 7:43 pm
by Hipnotic_Tranz
The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.
At least they were nice about it :p

Posted: Tue Aug 19, 2003 8:21 pm
by FlyingPenguin
400+ emails and counting today.

Fortunately all the ones with the virus contain the same message so I've got a mail rule set up to delete them, but I'm also getting a LOT of bounces and autonotification of infected attachments from situations where the virus used my email as the return address.

It's also a hassle if I want to check my mail online when I'm away from home (as I often do during the day at client's offices).

Fucking annoying. :mad

Posted: Tue Aug 19, 2003 8:22 pm
by Pugsley
So other than waste bandwidth... what does it do?

Posted: Tue Aug 19, 2003 9:21 pm
by Hipnotic_Tranz
- Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
- Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
- Attempts to remove W32.Blaster.Worm.

http://securityresponse.symantec.com/av ... .worm.html
It fixes your PC :lol

Posted: Tue Aug 19, 2003 9:55 pm
by DocSilly
Hipnotic_Tranz:

You mixed up the viruses this time ... that isn't the Welchia worm you're quoting from, that is the Sobig.F email virus.

FP already posted the correct URL to a detailed description of this new virus.

Posted: Tue Aug 19, 2003 11:07 pm
by Hipnotic_Tranz
Oh I know....I found this other "virus" somewhere else which after a short read seems to remove another virus....thought it was humorous so I posted it :o

Posted: Tue Aug 19, 2003 11:45 pm
by DocSilly
Ah, I see ;)

Posted: Wed Aug 20, 2003 12:10 pm
by sbp
Thank goodness for MailWasher