[Steppes] Virus making the rounds

ironwyrm@juno.com ironwyrm at juno.com
Wed Aug 20 15:51:50 PDT 2003


I sent an attachment file to the list that will rid people of the current
virus going around, but it's currently being held by the moderator for
review.  If you have the problem and no antivirus software, sorry; be
patient, maybe the moderator will release it soon.

It did get rid of my problem!

Ironwyrm


On Wed, 20 Aug 2003 17:59:07 +0000 "Kevin Black" <kblack4 at hotmail.com>
writes:
> Actually that's not quite true.  While it may be spoofing the return address
> it is in fact spreading as a worm and gathering address book info, there are
> also variants of the Re. Details (re. movie, re. thanks etc.):
> 
> <cut and paste>
> 
> NEW YORK - A new strain of one of the most virulent e-mail viruses ever
> spread quickly worldwide Tuesday morning, causing fresh annoyance to users
> worn out by last week's outbreak of the Blaster worm.
> 
> The new virus, named "Sobig.F" by computer security companies, attacks
> Windows users via e-mail and file-sharing networks. It also deposits a
> Trojan horse, or hacker back door, that can be used to turn victims' PCs
> into senders of spam e-mail.
> 
> MessageLabs Inc., a company that filters e-mail for corporations, had
> blocked more than 100,000 copies of Sobig.F by midday Tuesday, making it by
> far the most active virus of the day.
> 
> "It's definitely spreading very quickly, just an incredible ramp-up so far
> this morning," said Brian Czarny, marketing director at MessageLabs. The
> variant is likely to be one of the more successful versions of a very
> successful virus strain, he said.
> 
> The previous Sobig.A and Sobig.B variants are both on MessageLabs' list of
> the biggest 10 e-mail viruses of all time.
> 
> The e-mail message that carries Sobig.F has the subject line "Re: Details"
> and the message "Please see attached file for details." If a recipient
> clicks on the attachment, which can have multiple names ending in the .pif
> file extension, the computer will be infected.
> 
> The virus will then send itself out to names found in the victim's address
> book and will use one of these names to forge a return address. As such, the
> infected party may not quickly learn of the infection, while an innocent
> party may get the blame for helping to propagate it.
> 
> 
> 
> Hubert d'Aiguës-Mortes
> Qui fait plus, mieux vaux
> 
> 
> 
> 
> >From: "Chiara" <chiara at io.com>
> >Reply-To: chiara at io.com,   "Barony of Steppes - SCA,Inc." 
> ><steppes at ansteorra.org>
> >To: <steppes at ansteorra.org>
> >Subject: Re: [Steppes] Virus making the rounds
> >Date: Wed, 20 Aug 2003 11:17:29 -0500 (CDT)
> >
> >Actually, the flavor of this one is rather bad. It is a spoofer. It
> >started two nights ago and is still going strong. It is originating in
> >China and it is spoofing specific ISP's. Unfortunately mine is one of
> >them.
> >
> >It does not mean that I am infected or that my ISP is infected. It means
> >that they have taken the ending of many internet companies and attached it
> >to mail addresses and sent the thing out. AOL and ansteorra.org are also
> >being abused in this manner. Again, we are not infected, just being
> >abused.
> >
> >However it does not hurt to be covered and covered we are. :)
> >
> >Chiara
> >
> >
> >_______________________________________________
> >Steppes mailing list
> >Steppes at ansteorra.org
> >http://www.ansteorra.org/mailman/listinfo/steppes
> 
