Tweeti think somthing is wrong with it
TweetAnything weird going on with Cyber-rights? I'm at work, so can't check it but it's telling me I've got like 20 messages sent all through the night and this morning....Just wondering if there's a virus or something because I never get e-mail on that account. I've got it set up where it e-mails me here at work when a message is sent to it...btw
Tweeti think somthing is wrong with it
TweetNo theres a virus thats going around.
Dont open any unexpected emails with attachments.
I got like 20 emails the other day
TweetI've gotten 20 messages from fitnessgeared@fitnessgeared.com; they were all infected with the sobi.f worm.
This is from VMan from anabolicsupport:
Warning: New Internet Virus Variants
In case you aren't aware, currently there are two rapidly spreading Internet viruses.
The most dangerous one is called Sobig.F. It is a mass-mailing worm that will hack your email and sent itself out to others in your email address book. Use caution when opening email attachments that match any of the below characteristics until you have updated your anti-virus software.
The second is Nachi.worm or Welchia.worm. This worm exploits the same port as the Blast worm that many here experienced which caused a reboot. This exploit will find systems still infected with the Blast worm, download the patch from M$FT and cause a system reboot.
I highly recommend all Windows users update their anti-virus software immediately to protect against Sobig.F in particular. Mac OS 9 & X and Linux are not vulnerable to either exploit. The following is a description of both and the locations on Symantec for Norton users and Network Associates for McAfee users:
Sobig.F:
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Virus Characteristics:
This detection is for a new variant of W32/Sobig. In common with previous variants, the worm is written in MSVC, and bears the following characteristics: propagates via email, constructing outgoing messages with its own SMTP engine, propagates over network shares (not confirmed in testing yet)
Mail Propagation
The worm mails itself to email addresses harvested from the victim machine, using its own SMTP engine to construct outgoing messages. Target email addresses are harvested from files with the following extensions:
DBX
HLP
MHT
WAB
EML
TXT
HTM
HTML
Outgoing messages are constructed as follows:
Subject:
Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
Body:
See the attached file for details
Please see the attached file for details
The "From:" address may be spoofed with an address extracted from the victim machine. Therefore the perceived sender is most likely not a pointer to the infected user.
Welchia/Nachi.worm:
Systems Affected:
Windows 2000, Windows XP
This detection is for another virus that exploits the MS03-026 vulnerability. In addition to exploiting this RPC DCOM vulnerability, the virus also attempts to exploit an NTDLL.DLL vulnerability (MS03-007) via WebDav.It is not related to the W32/Lovsan.worm.d variant.
Intentions of the worm: This worm spreads by exploiting a hole in Microsoft Windows. It instructs a remote target system to download and execute the worm from the infected host. Once running, the worm terminates and deletes the W32/Lovsan.worm.a process and applies the Microsoft patch to prevent other threats from infecting the system through the same hole. When the system clock reaches Jan 1, 2004, the worm will delete itself upon execution. The worm also looks for and removes W32/Lovsan.worm.a from an infected system. It achieves this by targeting MSBLAST.EXE. (The process is terminated if running on the victim machine.) NB: The Registry hook employed by MSBLAST.EXE is not removed by the worm.
Norton/Symantec URL for Sobig.F: https://securityresponse.symantec.co...sobig.f@mm.html
Welchia/Nachi: https://securityresponse.symantec.co...lchia.worm.html
Network Associates/McAfee URL for Sobig.F: https://vil.nai.com/vil/content/v_100561.htm
Welchia/Nachi: https://vil.nai.com/vil/content/v_100559.htm
__________________
TweetGuess I'll be busy deleting e-mails in cyber-rights tonight.....if I can get on...lol
TweetYea, my CR acct got bombed last night from alisa FG users.
TweetDo these worms only affect pc's that download an email attachment, or are they infecting the pc just by reading
it?
Tweetjust dont open anything you dont know who it is from!!!Originally posted by olymp34
Do these worms only affect pc's that download an email attachment, or are they infecting the pc just by reading
it?
TweetI deleted everything....didn't bother opening....and everything is fine.
TweetDel after you deleted everything did you still get a bunch of new e-mails? I'm getting like 5 an hour- once I delete them 2 hours later theres another 10
TweetI just deleted mine, no big deal. And CR.net is working fine too