From owner-freebsd-questions@FreeBSD.ORG Tue Aug 19 09:20:32 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6941216A4BF for ; Tue, 19 Aug 2003 09:20:32 -0700 (PDT) Received: from SMT02002.global-asp.net (SMT02002.global-asp.net [194.51.152.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1522643F75 for ; Tue, 19 Aug 2003 09:20:31 -0700 (PDT) (envelope-from apasselac@free.fr) Received: from smt02003.global-asp.net (localhost [127.0.0.1]) by SMT02002.global-asp.net (Postfix) with ESMTP id 242C623482; Tue, 19 Aug 2003 18:20:27 +0200 (CEST) Received: from freebie.freebsd.org (unknown [212.234.227.125]) by smt02003.global-asp.net (Postfix) with ESMTP id BE88A2FA09; Tue, 19 Aug 2003 18:20:28 +0200 (CEST) Received: from freebie.freebsd.org (freebie.freebsd.org [127.0.0.1]) by freebie.freebsd.org (8.12.9/8.12.9) with ESMTP id h7JHwI1h003886; Tue, 19 Aug 2003 19:58:18 +0200 (CEST) (envelope-from kmaster@freebie.freebsd.org) Received: (from kmaster@localhost) by freebie.freebsd.org (8.12.9/8.12.9/Submit) id h7JHwIhK003885; Tue, 19 Aug 2003 19:58:18 +0200 (CEST) Date: Tue, 19 Aug 2003 19:58:17 +0200 From: Armand Passelac To: Kliment Andreev Message-ID: <20030819175817.GA3855@freebie.freebsd.org> References: <002301c36666$b530afb0$04fea8c0@moe> <002201c36668$a729c3f0$ca0110ac@vinyl.tkvbp.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline In-Reply-To: <002201c36668$a729c3f0$ca0110ac@vinyl.tkvbp.com> cc: freebsd-questions@freebsd.org Subject: Re: Flood of infected emails X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Aug 2003 16:20:32 -0000 Here is the virus description from TrendMicro Labs : We decide to declare a YELLOW ALERT on the malware WORM_SOBIG.F, due to several infection over the world. For reminder here is the short Virus Description: This worm propagates by mass-mailing copies of itself using its own Simple Mail Transfer Protocol (SMTP) engine. It collects email addresses +from files with the following extensions: DBX HLP MHT WAB HTML The email message it sends out contains the following details: Subject: Re: Thank you! Thank you! Re: Details Re: Re: My details Re: Approved Re: Your application Re: Wicked screensaver Re: That movie Message body: See the attached file for details. Please see the attached file for details. Attachment: your_document.pif document_all.pif thank_you.pif your_details.pif details.pif document_9446.pif application.pif wicked_scr.scr movie0045.pif Re: Thank you! It runs on Windows 95, 98, ME, NT,2000, and XP systems. http://www.trendmicro-europe.com To want you have to do, TrendMicro explains everything here : http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F GOOD LUCK !! [---- On Tue, 19 Aug, 2003 at 11:43, Kliment Andreev wrote: ----] Kliment> Kliment> Kliment> >> Has anyone besides me been receiving a flood of infected emails? Kliment> Kliment> Kliment> I am flooded too. From 8:00AM (EST) till now (11:40AM) I received almost 120 Kliment> of these emails. I am using Norton Antivirus 2003. The attachments were Kliment> purged automatically. According to Kliment> http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html Kliment> this worm will stop 10-Sep. :) Kliment> Kliment> _______________________________________________ Kliment> freebsd-questions@freebsd.org mailing list Kliment> http://lists.freebsd.org/mailman/listinfo/freebsd-questions Kliment> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" [---- End of original mail from Kliment Andreev ----] -- "No guts No glory" =] PASSELAC Armand [= ( @ @ ) Ingenieur Systemes-Reseaux & Securite ORBYTES INGENIERIE