Just got off the phone with a small ISP out here in New Mexico. Looks like one of their users has SoBig.f and is doing the same thing as Scott wrote about. Not a lot you can do until ISPs fix their mail servers to disallow this type of activity.
-Denis

On Tue, 19 Aug 2003, Rainer Gerhards wrote:

> Scott,
>
> I know this problem, too. Fortunately not (yet) with SoBig.F, but with
> other such virii. The answer is simple: I am sending mail to a lot of
> people. My mail address is also on a lot of web sites. This provides
> excellent material for the virus to find my mail address (and now yours)
> and then it can use that address to forge it as the sender address.
>
> So don't take it personally. Sit back and relax. Anyhow, there is nothing
> you can do against it...
>
> Rainer
>
> > -----Original Message-----
> > From: Scott Phelps / Dreamwright Studios
> > [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, August 19, 2003 9:01 PM
> > To: [EMAIL PROTECTED]
> > Subject: [Full-Disclosure] SoBig.F strange problem
> >
> > All day today I've been getting copies of SoBig.F. I've
> > gotten around 150 copies so far, and a large number of
> > postmaster bounces saying that a copy sent from my address
> > was undeliverable.
> >
> > I know that SoBig forges the from address from files it finds
> > on the victim's machine, but I can't for the life of me figure
> > out why I'm the attempted victim for so many other copies.
> > I'm not infected with the virus, I'm running antivirus that
> > strips the attachment before it lands in my inbox, and I'm
> > running a version of Outlook that disallows the attachment
> > extensions that SoBig uses. I've run manual scans on all of
> > my machines, in case of infection through a network share,
> > but I don't have any of those from outside either. All the
> > emails seem to be coming from different places, but around
> > 90% are using a from address of @msu.edu.
> >
> > Is there some logical explanation why I'm being singled out
> > here? My antivirus is driving me insane with popups, so I've
> > had to shut down my mail program to get some work done.
> >
> > I'm sorry for the off topic nature of this question, but this
> > makes no sense to me!
> >
> > Scott
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
