Sobig question

  • #16
    Originally posted by blackwave
    d00d.. it isn't about what OS or client you are running... it is about being on a list... once you are on that list, all the shit starts to come to you... regardless of what you are running...
    i am well aware.... but you should all feel happy knowing that the thing has no way of sending to all the recipients of my palm's address book.
    the fresh prince of 1337

    To learn how to hack; submit your request



    • #17
      Originally posted by KeLviN
      i am well aware.... but you should all feel happy knowing that the thing has no way of sending to all the recipients of my palm's address book.
      of course it can send to all the recipients of your palm's address book. Surely you aren't the only one with the emails of your palm's address book recipients...



      • #18
        Originally posted by blackwave
        of course it can send to all the recipients of your palm's address book. Surely you aren't the only one with the emails of your palm's address book recipients...

        stop it. you know what i mean!
        the fresh prince of 1337

        To learn how to hack; submit your request



        • #19
          Originally posted by octalpussy
          No, I'm not sure. I don't know what it is, because none of my virus scanners are picking it up. The e-mails it is sending out have subjects of "help" and something about "baby $2000 USD play this game".
          Ah!

          You should:
          1. Run nmap against your system. Look for all ports below 10000.
          2. Look for "new" services. In particular, open proxies, web servers, IRC servers, and remote control software (current fad: DameWare).


          Option #1: The port scan will find a set of open ports. Either 1180-1185, 2280-2285, or 3380-3385. That's SoBig-A, B-D, and D-E (D changed ports near the end).

          Option #2: You've probably had your system compromised. There are a couple of spam groups that are compromising systems, installing rootkits, and then sending spam. (I cleaned three such systems in the last two weeks, and I've identified a few dozen more.) The rough topics you've listed match one of these groups.

          If this is the case, drop me a PM with your email and we'll take this conversation off-line. (If this is the case, then I really want a copy of some of the emails, as well as the IRC connections logs, DameWare logs, etc... Yes, they leave logging enabled!)

          Having said that... If this is the case, you should:
          1. Copy off all of your personal data.
          2. Reinstall from scratch.

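As an added example, not code from the post or from any participant in the thread, here is a small Python scanner that does what step 1 and "Option #1" above ask for: sweep TCP ports below 10000 on the local host and report any that fall into the ranges the post attributes to the Sobig variants. The port ranges are copied from the post as stated and are not independently verified here; the 127.0.0.1 target, the 10000 cut-off and the function names are the example's own assumptions.

```python
import socket
from typing import Dict, Iterable, List

# Port ranges exactly as claimed in the post above; quoted from the post,
# not independently verified against Sobig samples.
SOBIG_PORT_RANGES: Dict[str, range] = {
    "Sobig-A":    range(1180, 1186),
    "Sobig-B..D": range(2280, 2286),
    "Sobig-D..E": range(3380, 3386),
}


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.2) -> List[int]:
    """Return the ports in `ports` that accept a TCP connection on `host`."""
    found: List[int] = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            if sock.connect_ex((host, port)) == 0:
                found.append(port)
    return found


def classify_open_ports(open_ports: Iterable[int]) -> Dict[str, List[int]]:
    """Map open ports onto the variant ranges in SOBIG_PORT_RANGES."""
    hits: Dict[str, List[int]] = {}
    for port in sorted(set(open_ports)):
        for name, rng in SOBIG_PORT_RANGES.items():
            if port in rng:
                hits.setdefault(name, []).append(port)
    return hits


def check_host(host: str = "127.0.0.1", max_port: int = 10000) -> Dict[str, List[int]]:
    """Scan every TCP port below max_port, as the post recommends, and report matches."""
    return classify_open_ports(scan_ports(host, range(1, max_port)))


def self_test() -> bool:
    """Stand up a throwaway listener and confirm scan_ports actually sees it.

    Run this before trusting a 'nothing found' result: a scanner that is
    silently blocked by a host firewall looks identical to a clean machine.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))   # kernel picks a free port
        listener.listen(1)
        port = listener.getsockname()[1]
        return scan_ports("127.0.0.1", [port]) == [port]


if __name__ == "__main__":
    print("scanner self-test:", "ok" if self_test() else "FAILED")
    hits = check_host()
    if hits:
        for name, ports in hits.items():
            print(f"{name}: open ports {ports}")
    else:
        print("no ports in the listed Sobig ranges are open on 127.0.0.1")
```

A connect scan of the loopback interface only shows what is bound on this machine; to see what a remote attacker sees, run the same sweep from another host, since a local firewall can hide listeners from the outside without hiding them from 127.0.0.1.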


          • #20
            Option #3 None of the above.

            It appears to be a Lovelorn variant. Now why my scanners still aren't picking it up, I have no idea.
            the fresh princess of 1338

            What did I do to make you think I give a shit?



            • #21
              ya know.. something just occurred to me.. with all my years of using Windows (for which I have suffered more than my fair share of shit) and AOL (don't even get me started with all of THAT) I have yet to contract a virus..... way to go Uber Hackers.. no leave me alone ;)
              If I had a nickel for every time someone offered me ten cents to keep my two cents to myself... I would be a rich man.



              • #22
                Originally posted by Siviak
                ya know.. something just occurred to me.. with all my years of using Windows (for which I have suffered more than my fair share of shit) and AOL (don't even get me started with all of THAT) I have yet to contract a virus..... way to go Uber Hackers.. no leave me alone ;)
                This is my first one. I guess I was so used to the security of Linux that I became lax while I was temporarily stuck in the Winders world. Oh well, I'm back in my comfortable environment now.
                the fresh princess of 1338

                What did I do to make you think I give a shit?



                • #23
                  Originally posted by Siviak
                  ya know.. something just occurred to me.. with all my years of using Windows (for which I have suffered more than my fair share of shit) and AOL (don't even get me started with all of THAT) I have yet to contract a virus..... way to go Uber Hackers.. no leave me alone ;)
                  regarding SoBig.F as long as someone doesn't have your email addy during their infected state you should be in fine shape, especially if you don't run Windows yourself. I have yet to get an infection myself, just more of these annoyances that are beyond my control with a few of my public email addresses... alas.

                  btw for the ppl that pm'd me about the countdown...

                  here are a couple of links...

                  http://www.wininformant.com/Articles...rticleID=39943
                  http://searchsecurity.techtarget.com...920957,00.html



                  • #24
                    Originally posted by blackwave
                    regarding SoBig.F as long as someone doesn't have your email addy during their infected state you should be in fine shape, especially if you don't run Windows yourself. I have yet to get an infection myself, just more of these annoyances that are beyond my control with a few of my public email addresses... alas.
                    Sorry Blackwave -- not exactly true. Sobig-F also scans files on the computer looking for anything that might be an email address. This includes web cache. Thus, if someone visited defcon.org and then got infected, all those email addresses at defcon.org would be sent the virus. (I'm 90% certain that's how Mr. Florida got both you and me.) You don't need to be in their address book or inbox.

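As an added illustration of guano's point, not code from the thread or from any participant in it, here is a harvester that does what he describes the worm doing: walk a directory, treat every file as raw bytes regardless of type, and pull out anything address-shaped. The cache layout, file names and addresses below are constructed for the example; the regular expression and the directory-walking approach are the example's own assumptions about how such harvesting works, not a description of Sobig's actual code.

```python
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Set

# Loose address pattern: local part, '@', a dotted domain ending in a TLD.
# Works on bytes so that binary files (images, DBX stores) can be scanned too.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")

# Constructed stand-in for a browser cache; pages and addresses are invented.
SAMPLE_CACHE: Dict[str, bytes] = {
    "cache/contest.html": b"<a href='mailto:guano@example.org'>guano</a> entry from blackwave@example.net",
    "cache/contact.htm":  b"<p>Contact: webmaster@example.com</p> Admin: root@localhost",
    "cache/readme.txt":   b"Nothing to see here.",
    "cache/logo.jpg":     b"\xff\xd8\xff\xe0 binary junk \x00\x01",
    "cache/copy.html":    b"<p>Contact: webmaster@example.com</p>",
}


def extract_addresses(data: bytes) -> List[str]:
    """Return de-duplicated, lower-cased address-looking strings found in `data`."""
    return sorted({m.decode("ascii", "replace").lower() for m in EMAIL_RE.findall(data)})


def harvest_directory(root: Path) -> Dict[str, List[str]]:
    """Map each address to the files (relative to root) it was found in.

    Every regular file is read as bytes; no attempt is made to parse HTML,
    so addresses in mailto: links, page text and comments are all picked up.
    """
    hits: Dict[str, Set[str]] = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        for addr in extract_addresses(path.read_bytes()):
            hits.setdefault(addr, set()).add(path.relative_to(root).as_posix())
    return {addr: sorted(files) for addr, files in sorted(hits.items())}


def write_sample_cache(root: Path) -> None:
    """Materialise SAMPLE_CACHE on disk under `root`."""
    for rel, content in SAMPLE_CACHE.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def demo() -> Dict[str, List[str]]:
    """Build the constructed cache in a temp dir and harvest it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_sample_cache(root)
        return harvest_directory(root)


if __name__ == "__main__":
    for addr, files in demo().items():
        print(f"{addr:<28} {', '.join(files)}")
```

The practical consequence is the one guano draws: an address published on any page an infected machine has visited is in scope, so the only protective controls are on the infected side (scanning, patching) and on the receiving side (filtering), not on who has you in their address book.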


                    • #25
                      semantics on Symantec ;)

                      Originally posted by guano
                      Sorry Blackwave -- not exactly true. Sobig-F also scans files on the computer looking for anything that might be an email address. This includes web cache. Thus, if someone visited defcon.org and then got infected, all those email addresses at defcon.org would be sent the virus. (I'm 90% certain that's how Mr. Florida got both you and me.) You don't need to be in their address book or inbox.
                      Hmm.. I am certain we said the same thing :) scanning would result in procuring the results (during an infected state), in this case being the email addy...



                      • #26
                        Looking over google, the only place where your (Blackwave) email address and mine appear on the same web page is the Defcon 11 slogan contest.

                        Although Mr. Florida has stopped, I'm betting the web logs for the slogan contest will show his IP address... :-)



                        • #27
                          Originally posted by guano
                          Looking over google, the only place where your (Blackwave) email address and mine appear on the same web page is the Defcon 11 slogan contest.

                          Although Mr. Florida has stopped, I'm betting the web logs for the slogan contest will show his IP address... :-)
                          Sorry... I don't keep access logs for the WWWD site.
                          perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'



                          • #28
                            .sobig celebration

                            Hm.
                            Today is the first day I did not receive a single .sobig attachment.

                            *throws party*
                            ======================================
                            DJ Jackalope
                            dopest dj in the galaxy. *mwah!*

                            send in the drop bears!
                            ======================================



                            • #29
                              If it was not for the "Dear Occupant" mail I'd feel totally unloved. :>



                              • #30
                                Originally posted by DJ Jackalope
                                Hm.
                                Today is the first day I did not receive a single .sobig attachment.
                                I'd knock on some wood if I were you ;) ... SoBig.G is said to be expected any day now.
