Lois & Clark Forums Forums General Discussion Off Topic Who's got Sobig-F???

I'm guessing a bit here, but my elementary detective skills tell me that someone in the fandom probably is infected with the Sobig-F virus.

Why?

Because I'm getting bounced-back emails from people I haven't sent emails to. Furthermore, the bouncebacks are coming into my yvonne@lcfanfic.com address, which no-one outside the fandom has been given (not by me, anyway!).

Sobig-F is a virus which sends emails from the infected computer. It steals email addresses from the infected computer and makes it look as if the emails it's sending comes from those addresses. Therefore, someone who has my lcfanfic.com address in their address book must be infected.

If you think there's any chance you're the infectee, could you please check by running an up-to-date virus scanner on your computer?

If you don't have such a thing, go to www.symantec.com/downloads or http://www.sophos.com/products/sav/eval/ and download a trial version.

Many thanks!
Yvonne

I had the same thing happen, Yvonne, with the email account that I use primarily for Lois and Clark. But when I ran an extremely *thorough* virus scan, I discovered my computer is uninfected also.

Please check everybody!

Irene

It happened to me, too. I know my computer isn't infected as my antivirus is up to date and I ran a couple of online scans from Housecall and Panda to be absolutely certain. Still, I've gotten emails purporting to be from FoLCs and a couple of bounced emails supposedly from me to persons I never heard of, so somebody out there is certainly infected.

In the meantime, don't open any attachments you weren't expecting, even if they seem to come from someone you know.

Nan

I'm also getting Sobig bouncebacks through my lcfanfic.com address, Yvonne, but also through addresses which default to me but which I don't even have set up as sent-from accounts (eg the admins address from these boards, the readers' choice address at Annesplace and one or two others). Some of that's making me wonder whether at least one server has been infected, because I can't see why anyone would have, for instance, the readers' choice email in their box.

These virus-writers are a pain in the behind!!!


Wendy

Well, if they have their client set such that it automatically adds any new addresses from which they receive emails into their address book (and this happens to be the default setting for Outlook Express), then the reader's choice email account could certainly find its way into people's address books.

My reading of the virus description is that infected servers are unlikely to execute the mass-emailing part of the virus payload, but I could be wrong! It's not exactly straightforward.

Yvonne

I worried about that, too, Yvonne, so I ran a thorough virus scan the other day... but Norton says I'm clean, and I have up-to-date virus definitions... I'm getting tired of the bounce-backs, but I'm hardly getting any actual virus emails anymore, so perhaps the whole mess is winding down...

PJ

Well, whoever it is doesn't have my email address, thank goodness -- I got enough junk that were likely Sobig from other sources.

Thank goodness for Yahoo webmail -- I can scan for viruses before downloading anything to my computer.

Sure, and normally I'd say you're right, Y - but in this case, readerschoice@nfanfic.net doesn't send out any emails. The address defaults to my account, and I don't have an account set up to reply from that address. Which is why it led me to suspect that the server could be compromised.


Wendy

I see what you're saying, Wendy. However, here's another scenario for you:

Fred Bloggs sends an email to readerschoice@nfanfic.net because he has a suggestion for a featured writer.

He adds the readers choice address to his address book because he thinks he'll have more suggestions in the future. Maybe he even has Outlook set up to do this automatically for him.

Then he gets the Sobig-F virus. The virus looks in his address book, finds the readers choice email address, and sends out infected emails on its behalf.

One of the infected emails goes to Jane Smith, whose email system bounces the email back to the sender - the readers choice email account.

All readers choice emails are forwarded to you, so you get the bounceback.

Yvonne
(whose only happy thought on the matter is that maybe the spammers are getting hit very big time by this virus )

Oh, it's even better than this.

This is what Symantec says about W32.Sobig.F@mm:

No need to have OE set up to automatically add e-mail addresses. I did a quick search on my .txt files and found that address (readerschoice@nfanfic.net) in an mIRC log. :rolleyes:

Elena

I echo that

Wendy,

Now I don't want to jump to any conclusions or anything, but from reading your last post I get the distinct impression that you don't like viruses.

ML(who had to have her entire system wiped out because of the initial blaster worm and so doesn't have an address book anymore)

I, too, have been getting those dang e-mails. I recently asked others about them on IRC. I've run virus scan after virus scan to make sure I'm not infected. I do hate these things snag your address and address book. It makes for a very frustrating time until the worm has played itself out.

Wendy, I'll add

ML, nice suggestion. I may take advantage of that option... just to keep from getting the annoying bouce-backs.

I had been getting these e-mails too since nearly 10 days ago and was wondering what that could be, but on Saturday (and while on vacation ) I read an article on the newspaper that described exactly this phenomenon and realized I had gotten the virus.

AnnaBtG. (off to run her antivirus program... thanks for the reminder, Yvonne, I'd have completely forgotten it!!)