MS Worm Alert!

  • murakami
    Member
    • Jul 2002
    • 700

    #31
    Re: 2 parts

    Originally posted by audit
    Has anyone been able to capture the file that actually exploits the machine and then downloads msblast.exe ???

    audit
    Just got an email masquerading as a bounced email, the virus is in the email that purportedly bounced as an attachment with the subject line "That movie". The attachment is called application.pif, it's about 1K in size. Nothing new or particularly clever, just like the majority of computer users.

    Anyone want it?


    • ripshy
      Amicable Solitudinarian
      • Jul 2003
      • 197

      #32
      Re: Re: 2 parts

      Originally posted by murakami
      Just got an email masquerading as a bounced email, the virus is in the email that purportedly bounced as an attachment with the subject line "That movie". The attachment is called application.pif, it's about 1K in size. Nothing new or particularly clever, just like the majority of computer users.

      Anyone want it?
      Please, I'll PM you my email.

      One of my favorite viruses of all time isn't really a virus. Tar up a couple gigs of 0's and send it to someone. Let them extract it, most people will do it blindly. A few years ago it would severely hang the person's machine, as well as eat up all their disk space. Most new PCs can handle it now though. :(
      "Fun"
      Virtutis gloria merces


      • murakami
        Member
        • Jul 2002
        • 700

        #33
        Re: Re: Re: 2 parts

        Originally posted by ripshy
        One of my favorite viruses of all time isn't really a virus. Tar up a couple gigs of 0's and send it to someone. Let them extract it, most people will do it blindly. A few years ago it would severely hang the person's machine, as well as eat up all their disk space. Most new PCs can handle it now though. :(
        "Fun"
        That's an old trick, we would generate a 1Mx1M jpeg of all white pixels, compress it down to nothing and send it out on an email with munged headers. People would call about their computer crashing then we would get to lecture them about opening files from strangers. :D
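
Added example, not part of any post in this thread: one way a mail gateway or a cautious recipient could screen a tar archive for the oversized-payload trick described in posts #32 and #33, by reading the declared member sizes before extracting anything. The limits, the function names and the small constructed fixture are assumptions for illustration.

```python
import io
import tarfile

MAX_TOTAL_BYTES = 64 * 1024 * 1024   # assumed budget for extracted data
MAX_RATIO = 100                      # assumed ceiling: extracted size / archive size


def make_archive(name, data):
    """Constructed fixture: build a .tar.gz in memory holding one file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def inspect_archive(blob, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Return (ok, reason) from the tar headers alone; nothing is written to disk."""
    total = 0
    try:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
            for member in tar:
                # member.size is the byte count extraction would write out.
                total += member.size
                if total > max_total:
                    # Stop at the header, before skipping over the payload.
                    return False, f"declared size exceeds {max_total} bytes"
    except tarfile.TarError as exc:
        return False, f"unreadable archive: {exc}"
    # A tiny attachment that expands enormously is the signature of the trick.
    ratio = total / max(len(blob), 1)
    if ratio > max_ratio:
        return False, f"compression ratio {ratio:.0f}:1 exceeds {max_ratio}:1"
    return True, f"{total} bytes, ratio {ratio:.1f}:1"


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes shrinks to a few KiB on the wire.
    sample = make_archive("zeros.bin", bytes(8 * 1024 * 1024))
    print(len(sample), inspect_archive(sample))
```

The same idea carries over to the image variant in #33: read the declared pixel dimensions from the header and refuse to decode anything beyond a fixed budget.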


        • audit
          Mentally Fucked up!
          • Aug 2002
          • 92

          #34
          Re: Re: 2 parts

          Originally posted by murakami
          Just got an email masquerading as a bounced email, the virus is in the email that purportedly bounced as an attachment with the subject line "That movie". The attachment is called application.pif, it's about 1K in size. Nothing new or particularly clever, just like the majority of computer users.

          Anyone want it?
          It's now up at www.c2security.org/virus/msblast.pif.zip

          audit


          • guano
            Unconfirmed Email
            • Jul 2003
            • 58

            #35
            Re: Re: 2 parts

            Originally posted by murakami
            Just got an email masquerading as a bounced email, the virus is in the email that purportedly bounced as an attachment with the subject line "That movie". The attachment is called application.pif, it's about 1K in size. Nothing new or particularly clever, just like the majority of computer users.

            Anyone want it?
            That sounds like Sobig-f. Are you sure you have the right virus? (Sobig is a worm...)


            • blackwave
              Member
              • Jun 2002
              • 4270

              #36
              Re: Re: Re: 2 parts

              Originally posted by audit
              It's now up
              thanks :) now seeking the anti-worm :D


              • murakami
                Member
                • Jul 2002
                • 700

                #37
                Re: Re: Re: 2 parts

                Originally posted by guano
                That sounds like Sobig-f. Are you sure you have the right virus? (Sobig is a worm...)
                Yep, you are right, I jumped the gun. It's definitely a Sobig variant after taking a closer look at it. Sorry for the false alarm, too much msblast on my mind.


                • hackajar
                  Contest Goon / Vegas 2.0
                  • Jul 2003
                  • 1255

                  #38
                  Email virus propagation

                  Some people get email viruses on a daily basis, some are lucky and get none (loners?, good email practices?). But today, I seem to have gotten an overly unusual amount at work in one of my mailing lists, and some on my freemail account. This seems kinda high, all things considering. Further, it looks like someone spoofed my work's email list, and these emails are going to it as a reply from some dumbass who opened the pif file. But then again, they all look like fake emails going to my work email as an email attack.

                  I am aware of "it will look at your mail contacts, and send an email from you to all them to spread the virus", but this mailing list is not exactly the type to be on people's address books. Further, it's a mailing list, why would I get "message failed to deliver to x@y.com" replies? Yes yes, email spoofing, using our email server to funnel emails ya ya ya (too bad port 25 is not accessible from outside world). It just doesn't add up this time around.

                  Go ahead and slap me for "you dumbass, you don't know email spam, get out of here". But enlighten me, email spam/virii/DoS is not really my "in the know" topic. Can someone explain the piece that I am missing, or am I standing in a big pile of the answer and being redundant redundant?


                  Virus in question: W32.Sobig.F@mm
                  Document name: document_all.pif
                  Typical subject lines: "Last nights movie" "RE: Details"
                  "Never Underestimate the Power of Stupid People in Large Groups"


                  • trinity
                    Member
                    • Jul 2003
                    • 27

                    #39
                    yeah i was reading about that not too long ago on yahoo*

                    as if spam alone wasn't annoying enough now they have this...i'm sure more will be coming...back in 99 they had so many of them or so it seemed, the media hype i guess.

                    i actually wanted to see blaster do more damage to microsoft, maybe some other time.

                    *http://story.news.yahoo.com/news?tmp...e_mail_virus_1
                    "don't fear the reaper..."


                    • Chris
                      Great Satan of the East
                      • Oct 2001
                      • 2866

                      #40
                      Originally posted by trinity
                      i actually wanted to see blaster do more damage to microsoft, maybe some other time.
                      Why? What is your personal beef with Microsoft that would cause you to say this? A blanket statement like this needs facts to back it up. Worms/viruses are stupid. Most of them could be written by a 7 year old, so why would you want one to "do more damage"?
                      perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'


                      • highwizard

                        #41
                        Re: Email virus propagation

                        Originally posted by hackajar
                        Some people get email viruses on a daily basis, some are lucky and get none (loners?, good email practices?). But today, I seem to have gotten an overly unusual amount at work in one of my mailing lists, and some on my freemail account. This seems kinda high, all things considering. Further, it looks like someone spoofed my work's email list, and these emails are going to it as a reply from some dumbass who opened the pif file. But then again, they all look like fake emails going to my work email as an email attack.

                        I am aware of "it will look at your mail contacts, and send an email from you to all them to spread the virus", but this mailing list is not exactly the type to be on people's address books. Further, it's a mailing list, why would I get "message failed to deliver to x@y.com" replies? Yes yes, email spoofing, using our email server to funnel emails ya ya ya (too bad port 25 is not accessible from outside world). It just doesn't add up this time around.

                        Go ahead and slap me for "you dumbass, you don't know email spam, get out of here". But enlighten me, email spam/virii/DoS is not really my "in the know" topic. Can someone explain the piece that I am missing, or am I standing in a big pile of the answer and being redundant redundant?


                        Virus in question: W32.Sobig.F@mm
                        Document name: document_all.pif
                        Typical subject lines: "Last nights movie" "RE: Details"

                        Symantec downgraded the threat a little while ago for the Sobig worm. But recently (like within the past week), there has been a major resurgence of the worm. As long as you keep good email practices, then you should be good.


                        • audit
                          Mentally Fucked up!
                          • Aug 2002
                          • 92

                          #42
                          http://www.c2security.org/virus/nachi.zip

                          I was told that this is the "good" worm that is cleaning up systems. Can anyone verify this?

                          audit


                          • blackwave
                            Member
                            • Jun 2002
                            • 4270

                            #43
                            Originally posted by audit
                            http://www.c2security.org/virus/nachi.zip

                            I was told that this is the "good" worm that is cleaning up systems. Can anyone verify this?

                            audit
                            Thanks audit, throwing it in a hex editor you can see right away that svchost has Tftpd embedded in it (poorly compressed if that)


                            • blackwave
                              Member
                              • Jun 2002
                              • 4270

                              #44
                              <rant> damned worms and viruses... today was the first day I got a shitload of these in my mailboxes, more than I could ever want.... I have gotten like around 40 .pif files ... people please stop clicking them, emails aren't crackerjack boxes... there is no goddamned prize in that .pif!!!! - shit... btw, if you are prone to clicking things out of the blue PLEASE take me out of your address books!... and someone has to give a tutorial on how to read headers... damn this mayhem! </rant>


                              • KeLviN
                                Poor but happy
                                • Jul 2002
                                • 1951

                                #45
                                ahhh.... KeLviN's careful avoidance of all things unknown in mailbox has paid off.....

                                BW, you don't strike me as someone who would give his email out to .........the less than retarded.

                                how did this happen?!
                                the fresh prince of 1337

                                To learn how to hack; submit your request
