Virus Question...
LawnMM
Colorado
How hard would it be to send out email so it would appear to the recipients that it was from somebody other than yourself?
I got two auto return emails from mail servers that were undeliverable because the emails were apparently infected. I also got one back from a system administrator at some university saying the same thing.
Here's the catch...I don't have the damn Sobig virus. I've kept my definitions updated. Scanned for it several times. Checked for the registry entries and locations it supposedly copies itself to...no sign of it on my system now or ever.
I'm open to suggestions and ideas, but this one has me pretty frickin perplexed...
Comments
If you don't have it, you're getting rejects because someone has it and they have your email addy in their address book, so rejects are getting sent back to you.
Suck it up, and join the club of "I get 400 mails a day from SoBig and I'm not infected"
At least it's a short list of people to notify!
So, if you get a bunch, send everything above the lines that make no sense (down near the bottom, under the attachment name) to your ISP's abuse address. The ISPs can and will use the IPs, email server names and possibly Mail Transfer Agent names (in this case the MTA alias was MERRIHEW in all copies of Blaster I got, including the rejects; I got 9 "real" ones first).
The IPs all traced to one server name and one class C subnet within one ISP, and the understanding now is that one mass-mailer helped spread them first. Anything from xterra.ediets1.com now gets trashed here; that is the email server name. Good thing is one more spammer will be out to lunch for years now.
The FBI now has a subsection of its Computer Crimes division working on virus backtracking, and the US Government is treating it as a prosecutable crime to distribute malware on public communications nets -- felony type, AFAIK. Also, if tracked down, the writer will get many very big bandwidth bills.
Since Microsoft is discontinuing separate IE after IE 6.0 SP1, I went looking, and here is a tip for admins:
IEAK (Internet Explorer Administrator Kit) is a full install of IE 6.0 SP1, which is what the new security patches for IE are mostly going to look for as a prerequisite now that IE is going to become fully integrated and not be called IE separately as such in Longhorn and up. Microsoft will burn up to 25 copies of the IEAK per order and charges a flat $10.00 for burn and package and about $10.40 shipping for units of 10. I and the company I work for will need them for installs on machines that should not go on the web except to patch with known patches and get AV updates before surfing again, and the default for 2000 and back is well before IE.
So if you order one, you might as well get 10; don't resell them, but have a guaranteed good one for a long time, unless you want to shift your Windows boxes to Mozilla or possibly, for a fee, an ad-free Opera. This will let you recover and install as needed, and then fit a pack to needs, as you can even customize a company name into the install and make a standard install set with customizations that make one company-only browser install set; then almost all have the same browser, and both intranet and web support in-house gets easier.
About SoBig: if the FBI does not move fast, they have been released about once a month, so if the author(s) is/are uncaught there could well be a SoBig.G in late September. At this point I would say be cautious about having very up-to-date AV very often, unlike a neighbor who thought he had updated his and discovered it was not last week but last month that he did, and that since he was on dialup the only time it had actually updated itself was when I installed a legal Norton AV on this machine. Check by date please if you own Norton AV, and expect new ones at least weekly for viruses as a whole, and expect viruses to be more sophisticated variants of older ones, reworked more often than in the past.
If you hear of W32.Welchia, this was also called Blaster.D and was the "fixer" Blaster variant that someone sent.
NS