On Mon, 2003-06-02 at 16:55, Jacob Fugal wrote: > Over the past couple of days and this morning in particular I've > received several emails, most from [EMAIL PROTECTED] addresses with titles such > as "Re: Movie" and "Re: Application". The bodies invariably say > something such as (not verbatim, I'm going off memory) "Please see the > attached file" and a 'pif' file (eg. movie.pif or application.pif) is > attached.
It's an epidemic, I can tell you. > > I obviously ID-ed the messages as probability 95% virus and ignored the > first few. But with four such emails today I decided to actually find > out in order to give information to the afflicted. It appears very > similar to be the [EMAIL PROTECTED] worm, but differs in some aspects. > The most informative site I've been able to find was at the University > of Virginia Information Technology and Communication webpage. The > following two links in particular: According to OIT, it's the SoBIG virus. Fortunately the chemistry department has been stripping dangerous attachments for months, so all of our users are fairly safe. If anyone wants to take a look at this virus, I have several hundred copies quarrantined on my mail server. I can e-mail them to the list if you want... http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] Michael > > Alert/Description: > http://www.itc.virginia.edu/desktop/virus/results.php3?virusID=63 > Fix Details: > http://www.itc.virginia.edu/desktop/virus/fixes.php3?fixID=73&virusID=63 > > However, the description of [EMAIL PROTECTED] claims that the worm is > active only through May 31 and that it spoofs a sending address of > '[EMAIL PROTECTED]'. I have received four seperate emails today > (June 2) with normal addresses (they may still be spoofed, I'm not sure > exactly what to look for in the headers to detect that) but otherwise > matching the [EMAIL PROTECTED] description. Hopefully the above fix will > work for the variant(s) as well. > > Jacob Fugal > > > ____________________ > BYU Unix Users Group > http://uug.byu.edu/ > ___________________________________________________________________ > List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list -- Michael L Torrie <[EMAIL PROTECTED]> ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
