SoBig virus


Renier
Site Admin
Posts: 1957
Joined: Mon Oct 15, 2001 12:54 pm
Location: Cape Town, South-Africa

SoBig virus

Post by Renier » Wed Aug 20, 2003 9:17 am

Between yesterday and today, I have so far received 70+ copies of the SoBig virus. One of the big problems of running a website and also answering emails about PopTray is of course that your email address gets around, and you become a bigger target for spam and virii.

Curtz
Priceless
Posts: 552
Joined: Tue Nov 27, 2001 3:52 am
Location: A nice tree

Post by Curtz » Fri Aug 22, 2003 10:18 pm

It still surprises me that so many execute the virus, that so many ISPs do not filter attachments like pif, scr and exe from mails... :evil:

quosego
Guru
Posts: 219
Joined: Mon Oct 15, 2001 11:42 pm
Location: The Netherlands

Post by quosego » Sat Aug 23, 2003 12:01 pm

My hosting provider used to filter email and this system did not inform me about messages that were blocked. So some messages never reached me and I did not know anything at all.

In case of a massive attack on the whole internet I can live with such an intervention but normally I don't want anyone to interfere with my email traffic.

Imagine the situation where your mailman is scanning your letters and other mail before delivering them into your box! I do not think that many people would appreciate this.

homaquebec
PopTray Family
Posts: 913
Joined: Tue May 27, 2003 6:47 pm
Location: Québec (Canada)

Post by homaquebec » Sat Aug 23, 2003 9:16 pm

Curtz wrote: It still surprises me that so many execute the virus... :evil:
I am surprised too. But many people still don't have an application like PopTray that, among other things, indicates if there is an attachment, the subject, etc.

The same for antivirus software. Some of them are free and very easy to update.

I am almost sure that the virus was sent to me with, in the subject, Thank You. I was in such a hurry to delete it that I forgot to look, in the preview function, who was the sender. Maybe somebody I know because of the choice of my email address.

A list of the subjects often used was on the net and in the newspapers yesterday and this morning: Undeliverable Mail, Returned Mail Delivery Failure, re: details, re: approved, re: thank you or just Thank you.

This link could be useful for those who have been infected or think that they could have been infected.
:o

Renier
Site Admin
Posts: 1957
Joined: Mon Oct 15, 2001 12:54 pm
Location: Cape Town, South-Africa

Post by Renier » Mon Aug 25, 2003 9:51 am

I've received about 200 of these. By far the worst virus I've ever encountered.

I can understand that people don't want all attachments blocked, but blocking things like .pif sounds like a good idea to me. Who would really send a .pig attachment?

LegoBas
Expert
Posts: 129
Joined: Tue May 27, 2003 2:42 pm
Location: Middle Earth

Funny...

Post by LegoBas » Mon Aug 25, 2003 10:42 am

:lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol:

When you said:
Renier wrote:Who would really send a .pig attachment?
Did you mean the following?
Image

homaquebec
PopTray Family
Posts: 913
Joined: Tue May 27, 2003 6:47 pm
Location: Québec (Canada)

Re: Funny...

Post by homaquebec » Mon Aug 25, 2003 6:25 pm

bdr wrote:

When you said:
Renier wrote:Who would really send a .pig attachment?
Did you mean the following?
Image
What about that:
Image

homaquebec
PopTray Family
Posts: 913
Joined: Tue May 27, 2003 6:47 pm
Location: Québec (Canada)

Infected computers

Post by homaquebec » Mon Aug 25, 2003 9:58 pm

The number of infected computers worldwide fell by one-third from Saturday, declining in the 24-hour period to 98 205 from 145 264, the antivirus software maker Trend Micro said.

SoBig.F is the sixth version of a virus that first appeared in January. Each one has been stronger than the previous ones, security officials said.

The SoBig.F virus is programmed to expire on Sept. 10.

ilNebbioso
PopTray Family
Posts: 773
Joined: Fri Feb 01, 2002 10:30 am
Location: Milan, Italy

Post by ilNebbioso » Tue Aug 26, 2003 11:04 am

I do not agree with Renier when he says it's quite stupid that .pif/.scr attachments are not blocked by default. In fact, as one of the latest viruses demonstrated, it's quite easy to .zip a .pif file for a virus. So, even if the server/client blocks the pif/scr attachments, the problem is NOT solved at all (a scr is just an exe renamed with an implied starting parameter).

So, the main problem is to teach people that a pif/scr file probably is a virus, like it's dangerous to take an aspirin with a Coke. :!: And a double click is as easy as passing a red traffic light: who knows about the consequences? Finally, before double-clicking the user HAS to think about whether the message is real or whether it could possibly be a virus, in the same way as when you receive at home a phone call from someone you don't know who calls you "my old friend"....

(yes, I'm a philosopher too...!) :wink:

Bateman
PopTray Family
Posts: 664
Joined: Sun Nov 11, 2001 9:53 pm
Location: Germany

Post by Bateman » Tue Aug 26, 2003 1:26 pm

I agree with my Italian friend here :wink:

Especially on the point that people should be more concerned about their computers. Most take it just for granted that all should work fine and get the absolute horror if a virus occurs. Fortunately a lot of ISPs and email providers figured the situation out and for the first time I received zero virii - but got about 30 messages that infected mails were blocked :)

Instead of complaining about the loads of bugs in MS systems, people should also read the news since the patch for these villains was available several weeks before the attack started...

ilNebbioso
PopTray Family
Posts: 773
Joined: Fri Feb 01, 2002 10:30 am
Location: Milan, Italy

Post by ilNebbioso » Tue Aug 26, 2003 2:22 pm

Bateman,
I repeat my point of view: this kind of virus (.pif, .scr) isn't new at all. Ok, they're new viruses, but SoBig.F hasn't got anything REALLY new.
It's just an attachment the user has to open in order to infect the PC. No exploit, no bug.

As I love to say: the problem isn't the user ("utente" in Italian), but it is the stupid-user ("utonto", a personal mix of user/utente and stupid/tonto).

Renier
Site Admin
Posts: 1957
Joined: Mon Oct 15, 2001 12:54 pm
Location: Cape Town, South-Africa

Post by Renier » Tue Aug 26, 2003 3:21 pm

Humans will never be perfect, and remember that a lot of people are not as computer savvy as we are.

And also just think of all the wasted bandwidth. If the server just refused to send .pif attachments in the beginning it would have saved a lot of bandwidth worldwide.

ilNebbioso
PopTray Family
Posts: 773
Joined: Fri Feb 01, 2002 10:30 am
Location: Milan, Italy

Post by ilNebbioso » Tue Aug 26, 2003 3:37 pm

Renier,
obviously your point of view isn't wrong: I personally will install a plugin on my new mailserver that will junk pif/scr/com/bat and will also have a spam filter (by keyphrases)... :!:

But, let's imagine that from tomorrow all servers worldwide junk .pif/.scr attachments: virus makers will just change their attachments to exe or zip them (as SoBig.E). Will we also junk messages with attachment extensions zip, exe, pif, scr, com, bat and so on?

We'll win the battle, not the war.... :?

homaquebec
PopTray Family
Posts: 913
Joined: Tue May 27, 2003 6:47 pm
Location: Québec (Canada)

Post by homaquebec » Tue Aug 26, 2003 4:56 pm

Don't clamour Victory too fast!

If servers offer the possibility of doing any filtering, they will charge money for that (in America).

In addition, since people can be sued for anything (always in America, especially in USA), servers will maybe refuse to do that being afraid to be sued for having destroyed important messages and attachments.

We should always remember that most people who use a computer must work with simple-to-use applications. And since more than 50% of adults, here in Canada, use a computer, everything must be done to keep it simple!
:roll:

ilNebbioso
PopTray Family
Posts: 773
Joined: Fri Feb 01, 2002 10:30 am
Location: Milan, Italy

Post by ilNebbioso » Tue Aug 26, 2003 5:15 pm

homaquebec,
I was just painting an ideal, free-of-charge and not-real-at-all situation.
Here in Italy there are some big ISPs that offer antispam and antivirus features, but obviously you have to pay for it...

Bateman
PopTray Family
Posts: 664
Joined: Sun Nov 11, 2001 9:53 pm
Location: Germany

Post by Bateman » Tue Aug 26, 2003 5:35 pm

Renier wrote: Humans will never be perfect, and remember that a lot of people are not as computer savvy as we are.
You are right, Renier. But for cases e.g. like the latest threats, MS has included the (much hated) automatic update in their operating systems. Chances for keeping it simple and still relatively safe are given - but unfortunately only rarely or not used at all.

Maybe we have it better over here in Europe (at least in Germany), most mail filtering by ISPs according to rules created by the user is free. Seems this is the first time we are not behind in terms of services :wink:

ilNebbioso
PopTray Family
Posts: 773
Joined: Fri Feb 01, 2002 10:30 am
Location: Milan, Italy

Post by ilNebbioso » Wed Aug 27, 2003 9:42 am

As I have sometimes written on this forum, I admin some public mailboxes of famous people in sport (Italian and not).

And, as some may know, the period 9-24 August was the main summer holiday period here in Italy.

So, during the last week I received some emails with SoBig, but not so many.

But, in the last 24 hours, I received more than 200 SoBig viruses in the Italian ones.

It is a (bad) way to say:
1) people here are slowly coming back to work/home
2) a lot of people don't have an updated antivirus
3) a lot of people also didn't update their antivirus (*IF* installed) when the first SoBig virus was discovered (more than one month ago: I also just received the first versions of the SoBig virus).

:( :( :( :( :( :( :( :( :(

Curtz
Priceless
Posts: 552
Joined: Tue Nov 27, 2001 3:52 am
Location: A nice tree

Post by Curtz » Thu Aug 28, 2003 2:11 am

I freaked out when my webhotel filtered out attachments like *.exe and *.pif without telling me about it first. I actually forced them to disable this feature.

BUT I was running my own mailserver on one of my computers, and guess what that mailserver did... yep, it rejected messages with certain attachments. I was myself doing what I hated them for.

Lately I shut down this server, and get every single mail. I asked them to enable the filter again. What does it do? It rejects all e-mails with attachments no one ever sends to me. Perhaps EXE files, but both sender and receiver get a mail when a mail was rejected. The mail can be received by the receiver if that is what he/she wants, by answering the notification mail.

In Denmark ISPs were called irresponsible for not doing anything about viruses. Quite a few showed responsibility by applying filters like the above mentioned. NO Sobig mails reached my private e-mail address, unlike the address I use at work.

So far I am only happy that my ISP installed a filter. My first reaction was anger, but after some thought... It was a splendid idea. Everything the filter does is visible to me, and can be undone.

ilNebbioso
PopTray Family
Posts: 773
Joined: Fri Feb 01, 2002 10:30 am
Location: Milan, Italy

Post by ilNebbioso » Thu Aug 28, 2003 8:50 am

Curtz,
as I told you before, I'll personally add to the new mail server (Q4 2003) filters for .pif, .scr and .vbs and I'll surely see only good results. But this will not solve the problem in the long term.

In fact, if only 50% of ISPs add attachment filters, virus makers will send their viruses as zip attachments (as SoBig.E). After this, we'll be again at the same point.... if AntiVirus software will not scan inside zip files.... (Norton Antivirus Corporate 7.x doesn't do this, :( I have to install 8.1 now!)

Curtz
Priceless
Posts: 552
Joined: Tue Nov 27, 2001 3:52 am
Location: A nice tree

Post by Curtz » Thu Aug 28, 2003 11:54 am

Filtering attachments does not solve the problem, but it certainly takes good care of many many viruses, thus reducing the virus storm significantly.
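
The extension filtering debated in this thread, together with the zipped-attachment case ilNebbioso raises, as an added example that is not part of any post. The extension set, function names and sample messages are assumptions constructed for illustration; nested archives are not inspected.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the thread; the exact set is an assumption.
BLOCKED = {".pif", ".scr", ".exe", ".com", ".bat", ".vbs"}

def _ext(name):
    """Last extension, lower-cased, ignoring trailing dots and spaces."""
    name = name.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw):
    """Return (attachment name, reason) pairs a mail filter should reject."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _ext(name) in BLOCKED:
            # Covers double extensions too: only the last one decides.
            findings.append((name, "blocked extension"))
        elif _ext(name) == ".zip":
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if _ext(member) in BLOCKED:
                            findings.append((name, "contains " + member))
            except zipfile.BadZipFile:
                # Cannot look inside, so do not silently pass it.
                findings.append((name, "unreadable archive"))
    return findings

def build_sample(filename, payload):
    """Constructed test message with one attachment (harmless bytes)."""
    msg = EmailMessage()
    msg["Subject"] = "Re: Details"
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg.set_content("See the attached file for details")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def zipped(member, content=b"placeholder"):
    """Build an in-memory zip holding one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    return buf.getvalue()
```

Returning the reason alongside the name lets the filter send the kind of visible, reversible rejection notice Curtz describes rather than dropping mail silently.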
