SOMEONE VISITING THIS SITE HAS THE SOBIG.F WORM VIRUS
Caniac
08-19-2003, 04:40 PM
Hi everyone. I've been getting returned emails that say the Sobig.F virus had originated from my computer.
<heart attack>
So I updated my virus definitions, scanned, checked manually, and checked my registry, but my PC(s) are clean.
So I checked on the virus' info here: http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
Main point here is:
From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender).
It goes on to say that it uses email addresses found while the user surfs the internet. So someone who visits the site has the virus.
So EVERYONE needs to do a scan with the latest virus definitions.
Thank you,
Caniac
Shell
08-19-2003, 04:45 PM
if you view the full headers you can see the real email address that originated it instead of the spoofed email (it will be toward the bottom). It's not necessarily from this site.. though, everyone should still download the latest anti-virus!! There was another release today for a new worm which shut down Lockheed Martin and Air Canada ticket counters today
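Added example, not part of the thread: the full-header check mentioned in the post above, written in Python. It reads the chain of `Received:` lines and reports the client IP stamped by mail servers the recipient trusts, because any lines beneath that boundary were supplied by the sending side and can be forged. The message, hostnames, addresses and the `trusted_servers` sets are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the From line names an innocent third party, the two
# upper Received lines were stamped by real relays, and the bottom Received
# line was inserted by the sending program itself (forged).
SAMPLE = """\
Return-Path: <friend@example.org>
Received: from relay.isp.example (relay.isp.example [198.51.100.10])
    by mx.example.com with ESMTP id AAA111; Tue, 19 Aug 2003 16:31:02 -0400
Received: from OFFICE-PC (dsl-77.isp.example [203.0.113.77])
    by relay.isp.example with SMTP id BBB222; Tue, 19 Aug 2003 16:30:58 -0400
Received: from mail.example.org (mail.example.org [192.0.2.25])
    by OFFICE-PC with SMTP; Tue, 19 Aug 2003 16:30:50 -0400
From: friend@example.org
To: someone@example.com
Subject: Your details

See the attached file for details
"""

# "from HELO (rdns [ip]) by SERVER": the common Received layout.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def received_hops(msg):
    """Return parsed Received hops, newest (top of headers) first."""
    hops = []
    for raw in msg.get_all("Received", []):
        unfolded = " ".join(raw.split())  # undo header line folding
        match = RECEIVED_RE.search(unfolded)
        if match:
            hops.append(match.groupdict())
    return hops


def split_at_trust_boundary(hops, trusted_servers):
    """Split hops into those stamped by trusted servers and the rest.

    Each server prepends its own Received line, so walking from the top we
    can believe a line only while the 'by' host is one we trust.
    """
    trusted = []
    for hop in hops:
        if hop["by"].lower() not in trusted_servers:
            break
        trusted.append(hop)
    return trusted, hops[len(trusted):]


def analyse(raw_message, trusted_servers):
    """Compare the claimed sender with what the trusted hops recorded."""
    msg = message_from_string(raw_message)
    hops = received_hops(msg)
    trusted, unverified = split_at_trust_boundary(hops, trusted_servers)
    origin = trusted[-1] if trusted else None
    return {
        "from": parseaddr(msg.get("From", ""))[1],      # spoofable
        "bottom_ip": hops[-1]["ip"] if hops else None,   # spoofable
        "origin_ip": origin["ip"] if origin else None,   # recorded by us
        "origin_helo": origin["helo"] if origin else None,
        "unverified_hops": len(unverified),
    }


if __name__ == "__main__":
    # Assumption: the recipient trusts its own MX and the ISP relay.
    report = analyse(SAMPLE, {"mx.example.com", "relay.isp.example"})
    for key, value in report.items():
        print(f"{key:16} {value}")
```

The result is an IP address and the hostname the client announced, which an ISP or mail administrator can map to a machine; the headers do not contain the infected user's e-mail address.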
tommy
08-19-2003, 04:47 PM
just curious, is it another one that is only on more recent editions, or should even people with win98 and lower check, as well?
Ah-HA! So THAT is why I have been getting tons of emails today with that virus on it. I had figured that someone who had me on their address list had gotten it. Doesn't matter much to me since that email is only accessed from a UNIX terminal...
Thanks for letting us know!!
-Kat
Shell
08-19-2003, 04:54 PM
Tommy - This one affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Must be what Angie was getting as well...
Technical details here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
which includes possible senders, subjects, removal instructions, etc.
New Fast-Spreading Sobig Worm Adds to 'Worm Week'
By Elinor Mills Abreu
SAN FRANCISCO (Reuters) - A new mass e-mail worm that attempts to download files from the Internet and potentially leave computers vulnerable to further attack was spreading quickly around the world on Tuesday, anti-virus experts said.
The new worm, dubbed Sobig.F, is at least the fourth new, major Internet worm to hit computers worldwide in the past week, prompting anti-virus vendor F-Secure to declare this the "worst virus week ever."
Sobig.F, a variant of an older worm, began spreading on Monday in Europe and has infected an estimated tens of thousands of Windows-based computers, said Patrick Hinojosa, chief technology officer at Panda Software, based in Madrid.
It arrives in e-mail and includes a variety of subject lines, including "Your details," "Thank you!," "Your application" and "Wicked screensaver." It has caused some corporate e-mail systems to grind to a halt, according to Sophos Inc.
When the .pif or .scr attachment is opened, Sobig.F infects the computer and sends itself on to other victims using a random e-mail address from the address book.
It also prepares the computer to receive orders and tries to download files from the Internet, said Hinojosa. It was unknown exactly what files they were, he said.
If the infected computer is on a shared network, the worm tries to copy itself to the other computers on that network.
The worm is programmed to stop spreading on Sept. 10.
Network Associates Inc. has rated Sobig.F a medium risk because of the quick rate of spread, said Jimmy Kuo, research fellow at Network Associates, an anti-virus software vendor.
Sobig.F was spreading at an "alarming rate," accounting for nearly 80 percent of all infection reports recorded on Tuesday, according to anti-virus provider Central Command.
Sobig.F comes on the heels of the Blaster, or LoveSan, worm which hit hundreds of thousands of computers worldwide last week, spreading to victims through a security hole in the Windows operating system and crashing them.
On Monday, another worm surfaced that was written to remove Blaster from infected computers and patch the hole. That worm, dubbed "Welchia" or "Nachi," was temporarily paralyzing many corporate networks, experts reported.
In addition, an e-mail hoax was circulating, purporting to be a patch from Microsoft for the security hole Blaster exploits. But the e-mail instead contains a Trojan application that installs itself on the computer as a back door enabling an attacker remote access to the system.
There has not been so much virus activity since the Code Red and Nimda worms hit about a year ago, experts said.
Turbulence
08-19-2003, 05:08 PM
Haven't gotten any suspicious emails from y'all or otherwise...so it isn't me. Maybe it's being sent from people who have their emails listed on the site? (well...that isn't a question...but you know what I mean :spin: )
Thanks for informing us, boss!
Caniac
08-19-2003, 05:42 PM
The reason I suppose someone visiting the site has it is that this is the only place my caniac@letsgocanes.com email is listed.
So it had to have come from here.
Of course, it could be some random person that only visited the site once, and the .html file is still in their temporary internet files.
Regardless, it's a good idea to check out your PC(s) every time a new one hits.
It could also be from someone who has your email address in their Outlook address book... and it might be someone here who has a bunch of us in there. We are thinking the origin point is the actual lgc website, when it could be an lgc member with our email addresses. Just a thought.
-Kat
Jeff O Rocks
08-19-2003, 06:23 PM
I got several emails from people I didn't know today and the subject line was something along the lines of virus protection...I just deleted them!
Alicia
08-19-2003, 06:58 PM
I got several emails from people I didn't know today and the subject line was something along the lines of virus protection...I just deleted them!
So did I...but I did a scan today and found no viruses.
Shell
08-19-2003, 08:00 PM
strange, I have to imagine I am in some people's address books as much as we email, but I haven't gotten any either.
If you have gotten some, go to Profile and see if you have yes or no marked for the question "Always show my e-mail address:" I have no. Do those of you receiving emails have Yes there?
(I say this assuming the email with the subject "keeper" was intentionally sent by you Alicia and Mona.. true? I haven't opened it yet.)
Alicia
08-19-2003, 08:21 PM
(I say this assuming the email with the subject "keeper" was intentionally sent by you Alicia and Mona.. true? I haven't opened it yet.)
Yes, intentional. ;)
Alicia
08-19-2003, 08:25 PM
If you have gotten some, go to Profile and see if you have yes or no marked for the question "Always show my e-mail address:" I have no. Do those of you receiving emails have Yes there?
Did have, now is No.
raleighcanesfan
08-19-2003, 08:32 PM
Well, I received it twice today, but luckily scanned my attachments first and saw it. I use Yahoo email primarily, so it can't get in my address book, but my email is on my school's webpage, so people send me spam all the time, forwarded to my regular one.
Scanned and my computer is safe!
Shell
08-19-2003, 08:41 PM
For those of you scanning away, make sure you download the latest DATs first so it is looking for this worm too! :)
SouthernHockeyChick
08-19-2003, 09:41 PM
So I guess this is what's happening to me, huh? Well, I haven't opened any of the attachments and had downloaded the most recent DATs before I scanned so I guess I'm not infected.
You know what though? One of the e-mails came from Mona's address! The subject was "That movie" but there were other e-mails with that same subject line so I figured it wasn't really you, Mona.
I also got some from faceoff.com and caneshockey.com. What a pain in the a$$. :roll:
These people should be shot.
Turbulence
08-19-2003, 09:46 PM
These people should be shot.
It makes you wonder...what kind of creep gets kicks out of this kind of thing?
Stormbringer
08-19-2003, 10:02 PM
You know what though? One of the e-mails came from Mona's address! The subject was "That movie" but there were other e-mails with that same subject line so I figured it wasn't really you, Mona.
I also got some from faceoff.com and caneshockey.com. What a pain in the a$$. :roll:
Yeah, I didn't get any from faceoff.com, but I got a few e-mails from caneshockey.com and wral.com, plus a few claiming to be from Caniac, Hyena, TatFever, and Shell. I even got one claiming to be from Buccigross! As for titles, the ones I got were "Your Application", "my details", "Wicked Screen Saver", "That movie", and "Thank You!". Ugh and grrrrr... :mad:
These people should be shot.
Amen to that and what Turby said.
BTW, I did a scan earlier, and my PC is virus free. Also, I use Incredimail instead of Outlook, so I should be overall safe.
Jeff O Rocks
08-19-2003, 10:09 PM
You know what though? One of the e-mails came from Mona's address! The subject was "That movie" but there were other e-mails with that same subject line so I figured it wasn't really you, Mona.
I also got some from faceoff.com and caneshockey.com. What a pain in the a$$. :roll:
These people should be shot.
I didn't send that Angie!! :roll: and Shell my email to always be shown was yes and like Alicia..I changed it.......people that purposely try to sabotage should have done to them what Angie suggested...as*holes! :mad:
Shell
08-19-2003, 10:13 PM
was your profile set to show email addy Fantasti?
tommy
08-19-2003, 10:15 PM
Damn those people, I just got an e-mail saying an e-mail addressed to me had the file, which had been deleted.
These people should be shot.
In the kneecap. Repeatedly.
1Irbegirlforever
08-19-2003, 10:37 PM
BTW guys...I had NO to having my email address shown in my profile so they've got to be getting our addresses another way. I already received 15 email messages with that junk...and just like stormbringer, i got one from john buccigross too! that's when i figured something weird was going on. i also got messages from tatfever, some guy at wral.com, and tons of others i didn't even recognize....
poor caniac...i bet this is pretty stressful for you buddy... :roll: it IS the most annoying thing to have to deal with. thanks for alerting us!
SouthernHockeyChick
08-19-2003, 10:38 PM
My profile is and always has been set to NOT show e-mail.
I downloaded and ran the fix-it tool just in case and I didn't have it according to that and according to two updated Norton anti-virus scans. So I should be cool.
And Mona, I knew it didn't really come from you because when I get an e-mail from you it shows up as "Mona" in the sender column and not your actual e-mail address.
Again, I say, they should be shot. And I normally don't go in for that type of punishment. :mad: What bored, pathetic, no-life having, jerks. :roll:
1Irbegirlforever
08-19-2003, 10:45 PM
My profile is and always has been set to NOT show e-mail.
I downloaded and ran the fix-it tool just in case and I didn't have it according to that and according to two updated Norton anti-virus scans. So I should be cool.
And Mona, I knew it didn't really come from you because when I get an e-mail from you it shows up as "Mona" in the sender column and not your actual e-mail address.
Again, I say, they should be shot. And I normally don't go in for that type of punishment. :mad: What bored, pathetic, no-life having, jerks. :roll:
Poor Angie...it sounds like you got it bad too...
AbNormal27
08-19-2003, 10:56 PM
Regardless, it's a good idea to check out your PC(s) every time a new one hits.
Ah, just one more reason I love my Mac. Other than deleting a pile of emails from people I don't know once in a while, I never have to worry about viruses. Funny, with all the time these jackholes have to create these things, they have never made one that can mess up a Mac. Says something about the quality of the machines, eh?
Aaryn
1Irbegirlforever
08-19-2003, 11:31 PM
Regardless, it's a good idea to check out your PC(s) every time a new one hits.
Ah, just one more reason I love my Mac. Other than deleting a pile of emails from people I don't know once in a while, I never have to worry about viruses. Funny, with all the time these jackholes have to create these things, they have never made one that can mess up a Mac. Says something about the quality of the machines, eh?
Aaryn
That's definitely a plus to owning a mac! :) my mom uses macs at her workplace and she loves them.
Stormbringer
08-20-2003, 12:11 AM
was your profile set to show email addy Fantasti?
Yes, it was Shell...but I changed it so my e-mail address wasn't showing after this afternoon.
Thankfully, I'm not getting anymore viral e-mails, and haven't been getting any since between six and six-thirty this evening.
Caniac
08-20-2003, 06:00 AM
Regardless, it's a good idea to check out your PC(s) every time a new one hits.
Ah, just one more reason I love my Mac. Other than deleting a pile of emails from people I don't know once in a while, I never have to worry about viruses. Funny, with all the time these jackholes have to create these things, they have never made one that can mess up a Mac. Says something about the quality of the machines, eh?
Aaryn
I'm not knocking Mac's, because I like 'em too, but why would anyone write a virus that would only affect 3-4% of the computer market? It would be a waste of time.
There's holes and exploits in OS X, but like I said, waste of time.
AbNormal27
08-20-2003, 07:15 AM
OSX yes, holes and exploits, but not the newest OSX Jaguar as much, and the to be released OSX Panther is supposed to be even better. Your point is well taken though, yet I think it's quite a bit higher than 3-4%.
Aaryn
Jeff O Rocks
08-20-2003, 07:26 AM
When I got to work this morning, I had all those emails with the worm virus...the thank you and a few others!! :crazy: This is ridiculous...
Turbulence
08-20-2003, 07:36 AM
WRAL said Mike Maze got 1500 emails last night... :eek:
Guyute
08-20-2003, 09:16 AM
Mac's don't get these viruses.... the downside is there are only 7 games and 13 programs to run on it. ;) hehehe
gotta watch this: http://webdev.o1.com/rvb/movies/switch/RvB_switch.mov
:D
back to the topic. I haven't gotten anything from lgc addies. but on the bright side, back to back serious worms always help people to remember to be religious about updating.
Jeff O Rocks
08-20-2003, 09:43 AM
I am continuously getting those emails from co-workers with full email address. Lots of times we will get junk with last names, but never full email address...I know our computer staff is pulling their hair out!! :crazy:
opuntia
08-20-2003, 11:23 PM
Apparently this virus or one like it can also masquerade as a returned email (i.e., one that you sent that got bounced back). I have received three "undeliverable email" messages from Mail Delivery Subsystem on an address that I almost never send messages from (it's my surfing the 'Net address - one more layer of protection). So beware...
I've been getting those "returned email" messages too. Not a ton of them but enough to cause me irritation. I scanned my hard drive and checked my registry and nothing came up, so I don't believe my machine is infected. That at least is some good news. :crazy:
Alicia
08-22-2003, 01:48 AM
I'm still getting the emails too & scanning and coming up with nothing. Weird...
SouthernHockeyChick
08-22-2003, 08:49 AM
Same here. I got something like 40 e-mails yesterday. :roll: I've updated my virus stuff and scanned and even scanned with the sobig.f removal tool just to be safe and they all show nothing. I guess you have to open the attachment to be infected. But this is insane. Why the e-mails? Don't they think the person getting them is smart enough to figure it out by now and just delete them all? I guess they just want to be homicidally annoying. :mad:
Shell
08-22-2003, 10:57 AM
From the Los Angeles Times
Infected PCs await orders from hacker
Virus dubbed SoBig.F programs computers to automatically download potentially malicious materials, experts say
By Joseph Menn and David Streitfeld
Times Staff Writers
August 22, 2003
LOS ANGELES -- One of the fastest-spreading e-mail viruses ever is threatening to discombobulate computers around the world today, when hundreds of thousands of infected PCs could be commandeered to send spam, delete data or inflict other unpleasantness.
The virus, dubbed SoBig.F, has programmed the computers it has infected to automatically download potentially malicious instructions from a machine thought to be controlled by the person who wrote the virus, computer security experts said.
So far, SoBig has done little if any permanent damage. But it has caused plenty of aggravation by filling e-mail in-boxes and clogging networks, even at companies whose employees know better than to open e-mail attachments they didn't request. SoBig spreads through attachments, just as the Melissa and ILoveYou viruses did in the past. It is the third widespread infection of computer networks this month.
Unlike its predecessors, SoBig has become more sophisticated in successive versions since its discovery in January. It is one of the first to install a "back door" to allow additional manipulation by hackers.
"Traditionally, viruses only propagated copies of themselves," said John R. Levine, author of "The Internet for Dummies." "It's a fairly recent development -- over the past few months -- that we're seeing viruses that leave a trap door so bad guys can come in later and install more hostile software."
Computer security experts scrambled Thursday to analyze SoBig so they could stop the hacker's designated server computer from giving new instructions to infected personal computers. The PCs are scheduled to rendezvous with the server today. Another contact is supposed to take place Sunday.
By analyzing the virus, the experts know the server's numeric Internet address but not its physical location or the identity of its owner. As a result, it was not clear whether law enforcement officials would be able to tap into or interfere with the communication between infected PCs and the server computer. A spokesman for the Department of Homeland Security said only that officials were monitoring the spread of the virus.
SoBig -- presumably named for the effect it was designed to have on computer networks -- is triggered when a user tries to open the attachment, allowing the program to write itself into the start-up sequence of a machine running one of many editions of Microsoft Corp.'s Windows operating system.
The virus seeks out e-mail addresses stored on the PC and selects some of them to be its next targets. The virus also picks out addresses to use as fake return addresses. That way, when messages are undeliverable, they bounce back to innocent parties and clog up their in-boxes too.
Just one infection at a big company can prompt thousands of outgoing messages, only one of which must be opened for the infection rate to hold steady. SoBig ranks among the fastest-spreading viruses to date, though previous viruses have infected far more computers.
Internet users were flooded this week with infected e-mails generated by SoBig. EarthLink Inc., one of the biggest providers of residential Internet access, said Thursday that it was deleting hundreds of infected messages a second.
The attack arrived as companies were struggling to contain the effects of earlier viruses and worms. CSX Corp., the railroad giant, said the Blaster worm infected its signaling and dispatching systems early Wednesday morning. All of CSX's rail service was halted for two hours, and morning commuter service in Washington was canceled.
Freight customers were still experiencing delays Thursday night, CSX spokesman Adam Hollingsworth said. "We're having to use manual processes instead of automated ones," he said.
Yet another virus, Nachi, hit Air Canada this week, forcing ticket-counter agents to check in clients manually.
In general, security firms said big companies, because they tend to have firewalls and up-to-date anti-virus software, were better equipped than small firms and consumers to handle viruses like SoBig.
Computer experts spent Thursday debating what the SoBig author's next instructions are likely to be. One leading theory is that the update will turn infected machines into generators of unwanted commercial e-mail, known as spam.
"It's almost like someone breaking into your home and then using your phone to do telemarketing," said Ian Hameroff, chief security strategist for Computer Associates International Inc., one of the world's biggest software companies.
Other possibilities are that the virus will turn destructive, wiping out data stored on compromised PCs. It also could launch a so-called denial-of-service attack on major Web sites, overwhelming them with meaningless requests for information.
"At any given point, [the author] can update the virus and make it more destructive," said Joe Hartmann, a research executive at computer security firm Trend Micro Inc.
Such tactics raise the stakes for computer professionals and ordinary consumers as they seek to ward off new attacks.
"The threats are continuing to get cleverer and cleverer, and it takes more steps to stop them," said Brian Foster, director of product marketing in the security response unit of Symantec Corp., the world's largest maker of anti-virus software.
There are at least two reasons to believe that SoBig will launch a cascade of spam. The first is that spammers earn commissions from their flood of e-mails, and working with spammers is one of the few ways for a virus writer to profit from his or her activity. The second is that large amounts of spam have been traced to unwitting PCs that have been infected by early versions of SoBig and might have had their e-mail programs manipulated in the process.
Aside from its plan to phone home, SoBig includes other modest advancements over previous e-mail viruses. For instance, it disguises itself with a variety of subject lines, such as "Thank you!" and "Details," rather than using one subject line over and over.
The biggest losers were small businesses and consumers whose e-mail backed up so much that some incoming messages were lost. A modest-sized L.A. law firm was effectively shut down after its network was clogged by a SoBig infection Tuesday, before word of the dangerous messages spread.
"They were an early adopter," Afinety Inc. Vice President Kevin J. McCarthy said dryly after his company was called in to disinfect the lawyers' machines. He declined to identify the client.
Late Wednesday, Microsoft warned of three more "critical" security holes in Windows and its Internet Explorer browser. The software giant is urging consumers to set their PCs to receive security patches automatically.
Even if SoBig's next step proves to be relatively benign, experts said they expected future viruses to seize control of PCs for spam -- or worse.
"No question that you're going to be getting e-mail that seems to be from your grandmother offering to give you bigger body parts," said Levine, the "Internet for Dummies" author. "It's only a matter of time before someone starts to use hijacked computers to send kiddie porn."
Guyute
08-22-2003, 11:02 AM
Late Wednesday, Microsoft warned of three more "critical" security holes in Windows and its Internet Explorer browser. The software giant is urging consumers to set their PCs to receive security patches automatically.
again, in case you missed it:
Late Wednesday, Microsoft warned of three more "critical" security holes in Windows and its Internet Explorer browser. The software giant is urging consumers to set their PCs to receive security patches automatically.
MoBigRed
08-22-2003, 11:50 AM
I certainly can't compete with Mike Maze's 1500, but i'm getting roughly 50 a day... 'wicked screensaver'... 'your details'.... 'my details'... '(insert name here) details'... 'thank you'... and quite a few of the 'returned undeliverable's. Some have come from LGC members, plus i've received them from the N&O, NHL, ESPN, and myriad strangers.
I did a full update of virus definitions and scanned my computer last night; i'm free of it. It's definitely worth everybody's time to do the same. Here are a couple places where you can get scanned if you don't have an internal anti-virus program...
http://www.symantec.com/
http://us.mcafee.com/default.asp
opuntia
08-22-2003, 01:12 PM
What I hate so much about this is that even though my PC doesn't have the virus, I am still affected by it to the tune of 10-15 bogus emails per day. It is especially annoying since I (somehow) almost never receive spam.
So will cleaning the virus off the computer that it got my email address from stop the emails? Or do our email addresses get sent to the mystery server for future abuse?
Shell
08-22-2003, 01:13 PM
Strangely enough, I still have not gotten a single one..
nccanes
08-22-2003, 01:55 PM
Strangely enough, I still have not gotten a single one..
*Whispers*. Me neither.
SouthernHockeyChick
08-22-2003, 01:58 PM
Strangely enough, I still have not gotten a single one..
*Whispers*. Me neither.
Well, we can't help you guys aren't popular. ;)
I've gotten less e-mail so far today. *knocks on wood*
So, I've heard Mozilla suggested as a good alternative to IE. Any other suggestions? Is Mozilla's e-mail application good too? I really love Outlook so I'm reluctant to switch but with all this mess it looks like it would make life easier. :roll:
Shell
08-22-2003, 02:08 PM
Strangely enough, I still have not gotten a single one..
*Whispers*. Me neither.
Well, we can't help you guys aren't popular. ;)
I think it's cuz I haven't enlarged my penis.
Alicia
08-22-2003, 02:11 PM
Strangely enough, I still have not gotten a single one..
*Whispers*. Me neither.
Well, we can't help you guys aren't popular. ;)
I think it's cuz I haven't enlarged my penis.
I haven't either, but I'm still getting them. ;)
Stormbringer
08-22-2003, 02:12 PM
I've gotten less e-mail so far today. *knocks on wood*
So far, I've gotten absolutely zip viral e-mails today. But, this was exactly how it was the day after this crap started...leading me to believe that the expected pattern until September 10th (Or whenever they said this is supposed to end.) is to get a ton of e-mail one day, have a respite the next, then a lot of e-mail, and so forth...
Tuesday - 75-100 viral e-mails
Wednesday - Zero e-mails
Thursday - 50-75 e-mails
Today - None so far...
I seriously hope I am wrong... :sick: :mad: :roll:
AbNormal27
08-22-2003, 03:33 PM
I love my MAC
I love my MAC
I love my MAC
I love my MAC
I love my MAC.
Aaryn
Shell
08-22-2003, 04:23 PM
of course you do, you're a graphic designer.. the only breed of people who should have a mac ;)
tommy
08-22-2003, 05:36 PM
Yeah, it does seem like it has a schedule.
I got about 10 of the e-mails two days ago, and none yesterday, and 7 today.
Strangely enough, I still have not gotten a single one..
*Whispers*. Me neither.
Well, we can't help you guys aren't popular. ;)
I think it's cuz I haven't enlarged my penis.
I can't speak for anyone else, but that's definitely why I don't like you, Shell. ;) :D
SouthernBelle
08-25-2003, 11:39 PM
Aaryn... I also love my Macs!!
I have a nice little iMac at work, and a very basic iBook at home. I couldn't afford the PowerBook :cry:
And I cannot wait for Panther!
Canesluver
08-27-2003, 12:22 PM
I'll add "Me three" to loving my Mac!! ;)
Have never ever gotten any of those weird viruses......
I used to have a bumper sticker that said:
Windows '98????? MacIntosh 1984!!!
Shell
08-29-2003, 09:17 AM
Arrest Coming Today in Internet Attack
By TED BRIDIS
The Associated Press
Friday, August 29, 2003; 7:15 AM
WASHINGTON - U.S. cyber investigators have identified a teenager as one author of a damaging virus-like infection unleashed weeks ago on the Internet and plan to arrest him early Friday, a U.S. official confirmed.
The 18-year-old was accused of writing a version of the damaging "Blaster" computer infection that spread quickly across the Internet, the official said, speaking on condition of anonymity. The official asked that further identifying information about the teenager not be disclosed until the arrest.
Further details were expected to be disclosed Friday by the FBI and U.S. attorney's office in Seattle, which has been leading the investigation.
A spokesman for the U.S. attorney's office there, John Hartingh, said there had been "no arrest made in this matter yet." He declined to comment further.
A witness reportedly saw the teen testing the infection and called authorities, the official said.
Collectively, different versions of the virus-like worm, alternately called "LovSan" or "Blaster," snarled corporate networks worldwide, forcing Maryland's motor vehicle agency to close for one day. The infection inundated networks and frustrated home users.
Symantec Corp., a leading antivirus vendor, said the worm and its variants infected more than 500,000 computers worldwide. Experts consider it one of the worst outbreaks this year.
The "Blaster.B" version of the infection, which began spreading Aug. 13, was remarkably similar to the original Blaster worm that first struck two days earlier; experts said the author made few changes, renaming the infecting-file from "msblast" to an anatomical reference.
All the Blaster virus variants took advantage of a flaw in Microsoft Corp.'s flagship Windows software. Government and industry experts had anticipated such an outbreak since July 16, when Microsoft acknowledged the software problem, which affects Windows technology used to share data files across computer networks.
The infection was quickly dubbed "LovSan" because of a love note left behind on vulnerable computers: "I just want to say LOVE YOU SAN!" Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"
Infected computers were programmed to automatically launch an attack on a Web site operated by Microsoft, which the software maker easily blunted. The site, windowsupdate.com, is used to deliver repairing software patches to Microsoft customers to prevent against these types of infections.
The worm generated so much Internet traffic that it knocked hundreds of business and government systems offline, including those in the Federal Reserve in Atlanta, the U.S. Senate and the Maryland Motor Vehicle Administration.
One of the variants that contributed to the Internet slowdown was designed to seek out and fix computers that remained vulnerable to the first worm.
In its structure, Blaster is considered most similar to "Code Red," a worm that infected more than 300,000 computers in the summer of 2001, directing all PCs plagued with the bug to attack the White House Web site. As with Blaster, several variants followed the original Code Red, including a worm known as "Code Green," which attempted to fix computers tainted by Code Red.
SouthernHockeyChick
09-09-2003, 01:07 PM
I found this today while looking for something else and thought it was pretty interesting. I assume you guys will tell us if it's total BS.
"If a worm virus gets into your computer it heads straight for your email address book and sends itself to everyone in there, thus infecting all your friends and associates.
This trick won't keep the virus from getting into your computer, but it will stop it from using your address book to spread further, and it will alert you to the fact that the worm has gotten into your system.
Here's what you do:
First: Open your address book and click on "new contact" or "new person" just as you would do if you were adding a new friend to your list of email addresses.
Second: In the window where you would type your friend's FIRST name, type in !000 (that's an exclamation mark followed by 3 zeros).
In the window below where it prompts you to enter the new email address, type in WormAlert@mark.com (actually any @.com will work)
Third: Then complete everything by clicking add, enter, OK, etc.
Now, here's what you've done and why it works: the "name" !000 will be placed at the top of your address book as entry #1. This will be where the worm will start in an effort to send itself to all your friends.
But when it tries to send itself to !000, it will be undeliverable because of the phony email address you entered (WormAlert). If the first attempt fails (which it will because of the phony address), the worm goes no further and your friends will not be infected.
Here's the second great advantage of this method: If an email cannot be delivered, you will be notified of this in your InBox almost immediately. Hence, if you ever get an email telling you that an email addressed to WormAlert could not be delivered, you know right away that you have the worm virus in your system. You can then take steps to get rid of it.
If everybody you know does this, then you needn't ever worry about opening mail from friends. Pass this on to your friends."
Guyute
09-09-2003, 01:24 PM
I think the only way to test this would be to purposely infect your computer, and see if the failure to deliver theory would indeed stop the worm from propagating through the rest of the address book.
it is an interesting idea. and in theory, it could work. though I really don't know that the worm would just stop itself because the first one it tried was undeliverable. wouldn't hurt just to toss that fake addy in.... I'm just saying... until you get a virus, there's no way of knowing if it worked or not.
SouthernHockeyChick
09-09-2003, 01:31 PM
in theory, it could work. though I really don't know that the worm would just stop itself because the first one it tried was undeliverable. wouldn't hurt just to toss that fake addy in....
That's pretty much what I was thinking. I'm sure if it does work they'll be writing the worms differently so that they don't just stop (if they even do now) after the first undeliverable address. :roll:
Guyute
09-09-2003, 01:33 PM
right. which wouldn't be that hard to do...
and is precisely why I doubt that most of these worms would just go dormant after one un-deliverable. it would be a Major oversight in coding a virus whose main objective was to propagate itself so fast and so thoroughly, that it crashed email servers across the world.
so if everyone had !000@whatever.com in their address book, things like Melissa, etc... would've never worked? not likely, imvho.
Alicia
09-09-2003, 02:08 PM
Is anyone other than me still getting these emails? Up to 20+/day, although I've noticed they do take weekends and holidays off... :roll:
Caniac
09-09-2003, 02:12 PM
I haven't gotten one in a while now
Stormbringer
09-09-2003, 02:16 PM
I haven't gotten one in a while now
Same here.
Shell
09-09-2003, 03:21 PM
SHC - That one is false..
Origins: This "helpful" bit of advice first appeared on the Internet in mid-August 2001. It purports to offer an easy-to-implement solution to counter the ongoing travails visited upon those foolish enough to have opened virus-laden e-mails by disarming the virus' ability to spread to others disguised as legitimate mail from the duped user. According to the advice, netizens need only add a bogus entry at the head of their e-mail address books to create an effective "shark account" that will gobble up unauthorized mailings to the full book.
There are two major problems with this approach that make it largely ineffective:
Most viruses don't attempt to mail themselves to every entry in an infected system's address book, all in one message. They sometimes go through address books sequentially and mail out separate messages to each address encountered, a case in which the phony address at the head of the address book won't do anything to stop the virus from spreading. (The badly-addressed message will bounce, but that won't do anything to prevent the virus from proceeding through the rest of the address book.) Moreover, most viruses go through address books randomly (rather than sequentially) or pick up addresses from a variety of other files resident on infected systems (e.g., read mail messages, HTML files), approaches on which the method advocated above will have no effect whatsoever.
Viruses don't send out mail interactively, as people do. Most mail programs include routines to check addresses for valid formatting as the user adds them to the message header form, and those routines prevent the user from proceeding when a badly-formatted address is detected — the problem must be corrected before more addresses can be added or the message sent. But viruses aren't using interactive forms to address messages; they're running in the background, creating and sending messages programmatically rather than interactively, so they never encounter the forms (and the address-checking routines attached to them) intended for humans.
Even viruses whose spread has been halted via the ruse of a fake address book entry can still be doing damage to the infected user's system. Once an executable file has been opened and run, any virus it contains begins doing its dirty work. Part of that dirty work may amount to mailing itself to others, but if the virus is programmed to do more than just replicate itself via e-mail, it will still be quietly wreaking havoc on the infected computer. Deleting the infection-carrying e-mail will not halt whatever else may be underway.
Only a fool takes advice that amounts to altering anything on his own system without first fully understanding its nature. Though the current "helpful trick" is innocuous, there is no guarantee later versions will not circulate that instruct the credulous to do harm to their systems under the guise of helping them. Witness the May 2001 sulfnbk.exe hysteria which duped thousands of users geared to take whatever advice turned up in their inboxes into deleting a key Windows operating system file from their home systems.
The best advice for countering viruses has always amounted to investing in good anti-virus software and using the product regularly to scan for infected files. Second best is a caution against running executable files sent in e-mail. Prurient or lustful curiosity often fuels the spread of those infections, as users who should by now know better open applications that promise videos of the McVeigh execution or naughty encounters featuring the latest media hotties.
Peek not lest you lose, not your soul, but your hard drive.
Barbara "monkey C:\, monkey lose" Mikkelson
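Added example (not part of the thread or the quoted article): a small model of the claim debunked above, checking which contacts are still reached when separate messages go out sequentially, in random order, or to addresses taken from other files. Every address except WormAlert@mark.com, and the `stop_on_failure` switch standing in for the chain letter's "goes no further" assumption, are constructed for illustration; nothing is sent.

```python
from fractions import Fraction
from itertools import permutations

# Constructed sample data. Only TRIPWIRE comes from the chain letter.
TRIPWIRE = "WormAlert@mark.com"
CONTACTS = ["alice@example.com", "bob@example.com", "carol@example.com"]
ADDRESS_BOOK = [TRIPWIRE] + CONTACTS      # "!000" sorts the tripwire to the top
OTHER_FILES = ["dave@example.net", "erin@example.net"]  # read mail, HTML files


def mail_each(order, stop_on_failure):
    """Model one separate message per address in `order`.

    Returns (addresses reached, bounces). stop_on_failure=True is the chain
    letter's assumption that the sender gives up after the first bounce.
    """
    reached, bounces = [], 0
    for addr in order:
        if addr == TRIPWIRE:               # the only undeliverable address
            bounces += 1
            if stop_on_failure:
                break
        else:
            reached.append(addr)
    return reached, bounces


def fraction_fully_blocked():
    """Share of random address-book orderings in which nobody is reached,
    even granting the stop-on-first-failure assumption."""
    orders = list(permutations(ADDRESS_BOOK))
    blocked = sum(1 for o in orders if not mail_each(o, True)[0])
    return Fraction(blocked, len(orders))


if __name__ == "__main__":
    print("sequential, keeps going :", mail_each(ADDRESS_BOOK, False))
    print("sequential, gives up    :", mail_each(ADDRESS_BOOK, True))
    print("other files only        :", mail_each(OTHER_FILES, True))
    print("random order, blocked in:", fraction_fully_blocked(), "of orderings")
```

The bogus entry protects every contact only when the sender both starts at the top of the book and quits on the first failure; mail addressed from other files never touches the entry, so it produces no bounce to notice either.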
SouthernHockeyChick
09-09-2003, 04:04 PM
Thanks Shell. And I haven't been getting e-mails anymore either.
Shell
09-12-2003, 03:43 PM
There is a new big bad worm in town. Be sure to update your anti-virus software (and then reboot) and also be sure to apply any new Windows Patches for your operating system!
Here is the patch for this one:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp
Guyute
09-12-2003, 03:50 PM
beat me to it :p
yes folks, another Gaping hole in Windows. It doesn't mention 98. I'm really not sure if MS is just discounting 98, figuring nobody runs it anymore... or what. /shrug. no 98 listed in patch locations either.
Impact of vulnerability: Three new vulnerabilities, the most serious of which could enable an attacker to run arbitrary code on a user’s system.
Maximum Severity Rating: Critical
Recommendation: System administrators should apply the security patch immediately
End User Bulletin:
An end user version of this bulletin is available at:
http://www.microsoft.com/security/security_bulletins/ms03-039.asp.
SouthernHockeyChick
09-12-2003, 03:53 PM
I sure hope they aren't just ignoring 98. There's still a few of us out here....
Shell
09-12-2003, 04:12 PM
98 is not vulnerable to this one. It is a variant of the LovSan.worm, an additional vulnerability has been discovered in the RPC server of Windows NT and higher (NT, 2K, and XP).. don't worry Angie, the gaping holes are apparently only on the more secure operating systems :roll:
Caniac
09-12-2003, 04:13 PM
Yes they are ignoring 98. Windows 95, 98, ME, and NT 4.0 are no longer officially supported, so no new patches are being made for these operating systems.
95, 98, and ME are all susceptible to these exploits.
My advice would be to upgrade to XP, which is exactly what M$ wants you to do.
SouthernHockeyChick
09-12-2003, 05:23 PM
Yes they are ignoring 98. Windows 95, 98, ME, and NT 4.0 are no longer officially supported, so no new patches are being made for these operating systems.
When did that happen? That particular link above has a link for a patch for NT 4.0 and I just downloaded a new patch for 98 the other day.
opuntia
09-12-2003, 08:57 PM
Actually, the last few warnings I've looked at lately have said that ME is not affected by the problem. As far as I know, it is still fully supported, unlike older versions which they may not write patches for sometimes. Apparently it just doesn't have some of the holes that other versions do.
Caniac
09-12-2003, 11:04 PM
No longer officially supported in that they won't be releasing service packs, and will only release any virus killers/bug fixes if there's time after doing the newer OS's.