|
Joined: Apr 2003
Posts: 1,293
Top Banana
|
OP
Top Banana
Joined: Apr 2003
Posts: 1,293 |
I'm guessing a bit here, but my elementary detective skills tell me that someone in the fandom probably is infected with the Sobig-F virus. Why? Because I'm getting bounced-back emails from people I haven't sent emails to. Furthermore, the bouncebacks are coming into my yvonne@lcfanfic.com address, which no-one outside the fandom has been given (not by me, anyway!). Sobig-F is a virus which sends emails from the infected computer. It steals email addresses from the infected computer and makes it look as if the emails it's sending comes from those addresses. Therefore, someone who has my lcfanfic.com address in their address book must be infected. If you think there's any chance you're the infectee, could you please check by running an up-to-date virus scanner on your computer? If you don't have such a thing, go to www.symantec.com/downloads or http://www.sophos.com/products/sav/eval/ and download a trial version. Many thanks! Yvonne
|
|
|
Joined: Apr 2003
Posts: 699
Columnist
|
Columnist
Joined: Apr 2003
Posts: 699 |
I had the same thing happen, Yvonne, with the email account that I use primarily for Lois and Clark. But when I ran an extremely *thorough* virus scan, I discovered my computer is uninfected also.
Please check everybody!
Irene
I try to take one day at a time, but sometimes several days attack me at once.
|
|
|
Joined: Apr 2003
Posts: 2,380 Likes: 1
Kerth
|
Kerth
Joined: Apr 2003
Posts: 2,380 Likes: 1 |
It happened to me, too. I know my computer isn't infected as my antivirus is up to date and I ran a couple of online scans from Housecall and Panda to be absolutely certain. Still, I've gotten emails purporting to be from FoLCs and a couple of bounced emails supposedly from me to persons I never heard of, so somebody out there is certainly infected.
In the meantime, don't open any attachments you weren't expecting, even if they seem to come from someone you know.
Nan
Earth is the insane asylum for the universe.
|
|
|
Joined: Apr 2003
Posts: 3,454
Pulitzer
|
Pulitzer
Joined: Apr 2003
Posts: 3,454 |
I'm also getting Sobig bouncebacks through my lcfanfic.com address, Yvonne, but also through addresses which default to me but which I don't even have set up as sent-from accounts (eg the admins address from these boards, the readers' choice address at Annesplace and one or two others). Some of that's making me wonder whether at least one server has been infected, because I can't see why anyone would have, for instance, the readers' choice email in their box. These virus-writers are a pain in the behind!!! Wendy
Just a fly-by! *waves*
|
|
|
Joined: Apr 2003
Posts: 1,293
Top Banana
|
OP
Top Banana
Joined: Apr 2003
Posts: 1,293 |
Well, if they have their client set such that it automatically adds any new addresses from which they receive emails into their address book (and this happens to be the default setting for Outlook Express), then the reader's choice email account could certainly find its way into people's address books.
My reading of the virus description is that infected servers are unlikely to execute the mass-emailing part of the virus payload, but I could be wrong! It's not exactly straightforward.
Yvonne
|
|
|
Joined: Apr 2003
Posts: 3,644
Pulitzer
|
Pulitzer
Joined: Apr 2003
Posts: 3,644 |
I worried about that, too, Yvonne, so I ran a thorough virus scan the other day... but Norton says I'm clean, and I have up-to-date virus definitions... I'm getting tired of the bounce-backs, but I'm hardly getting any actual virus emails anymore, so perhaps the whole mess is winding down... PJ
"You told me you weren't like other men," she said, shaking her head at him when the storm of laughter had passed. He grinned at her - a goofy, Clark Kent kind of a grin. "I have a gift for understatement." "You can say that again," she told him. "I have a...." "Oh, shut up."
--Stardust, Caroline K
|
|
|
Joined: Apr 2003
Posts: 1,587
Merriwether
|
Merriwether
Joined: Apr 2003
Posts: 1,587 |
Well, whoever it is doesn't have my email address, thank goodness -- I got enough junk that were likely Sobig from other sources.
Thank goodness for Yahoo webmail -- I can scan for viruses before downloading anything to my computer.
Do you know the most surprising thing about divorce? It doesn't actually kill you, like a bullet to the heart or a head-on car wreck. It should. When someone you've promised to cherish till death do you part says, "I never loved you," it should kill you instantly.
- Under the Tuscan Sun
|
|
|
Joined: Apr 2003
Posts: 3,454
Pulitzer
|
Pulitzer
Joined: Apr 2003
Posts: 3,454 |
Well, if they have their client set such that it automatically adds any new addresses from which they receive emails into their address book (and this happens to be the default setting for Outlook Express), then the reader's choice email account could certainly find its way into people's address books. Sure, and normally I'd say you're right, Y - but in this case, readerschoice@nfanfic.net doesn't send out any emails. The address defaults to my account, and I don't have an account set up to reply from that address. Which is why it led me to suspect that the server could be compromised. Wendy
Just a fly-by! *waves*
|
|
|
Joined: Apr 2003
Posts: 1,293
Top Banana
|
OP
Top Banana
Joined: Apr 2003
Posts: 1,293 |
I see what you're saying, Wendy. However, here's another scenario for you: Fred Bloggs sends an email to readerschoice@nfanfic.net because he has a suggestion for a featured writer. He adds the readers choice address to his address book because he thinks he'll have more suggestions in the future. Maybe he even has Outlook set up to do this automatically for him. Then he gets the Sobig-F virus. The virus looks in his address book, finds the readers choice email address, and sends out infected emails on its behalf. One of the infected emails goes to Jane Smith, whose email system bounces the email back to the sender - the readers choice email account. All readers choice emails are forwarded to you, so you get the bounceback. Yvonne (whose only happy thought on the matter is that maybe the spammers are getting hit very big time by this virus )
|
|
|
Joined: Apr 2003
Posts: 332
Beat Reporter
|
Beat Reporter
Joined: Apr 2003
Posts: 332 |
Oh, it's even better than this. This is what Symantec says about W32.Sobig.F@mm: W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in the files that have the following extensions: - .dbx
- .eml
- .hlp
- .htm
- .html
- .mht
- .wab
- .txt
The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code. No need to have OE set up to automatically add e-mail addresses. I did a quick search on my .txt files and found that address (readerschoice@nfanfic.net) in an mIRC log. :rolleyes: Elena
Methos: "I'm easily amused."
(Indiscretions - Highlander: The Series)
|
|
|
Joined: Apr 2003
Posts: 3,454
Pulitzer
|
Pulitzer
Joined: Apr 2003
Posts: 3,454 |
I echo that
Just a fly-by! *waves*
|
|
|
Joined: Apr 2003
Posts: 1,656
Merriwether
|
Merriwether
Joined: Apr 2003
Posts: 1,656 |
Wendy, Now I don't want to jump to any conclusions or anything, but from reading your last post I get the distinct impression that you don't like viruses. ML(who had to have her entire system wiped out because of the initial blaster worm and so doesn't have an address book anymore)
She was in such a good mood she let all the pedestrians in the crosswalk get to safety before taking off again. - CC Aiken, The Late Great Lois Lane
|
|
|
Joined: Apr 2003
Posts: 720
Columnist
|
Columnist
Joined: Apr 2003
Posts: 720 |
I, too, have been getting those dang e-mails. I recently asked others about them on IRC. I've run virus scan after virus scan to make sure I'm not infected. I do hate these things snag your address and address book. It makes for a very frustrating time until the worm has played itself out. Wendy, I'll add ML, nice suggestion. I may take advantage of that option... just to keep from getting the annoying bouce-backs.
|
|
|
Joined: Apr 2003
Posts: 2,761
Pulitzer
|
Pulitzer
Joined: Apr 2003
Posts: 2,761 |
I had been getting these e-mails too since nearly 10 days ago and was wondering what that could be, but on Saturday (and while on vacation ) I read an article on the newspaper that described exactly this phenomenon and realized I had gotten the virus. AnnaBtG. (off to run her antivirus program... thanks for the reminder, Yvonne, I'd have completely forgotten it!!)
What we've got here is failure to communicate...
|
|
|
|