homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

This 198 message thread spans 7 pages: 198 ( [1] 2 3 4 5 6 7 > >     
30 virus attacks in 2 hours! - W32.Sobig.F@mm
After the blaster another one mass mailing virus!

 4:15 pm on Aug 19, 2003 (gmt 0)

The virus W32.Sobig.F@mm has been really really quite recently howver symantec have just upgraded it to nearly the same level as the blaster.

For some reason in the last two hours I have received 30 attacks all of which where stopped by Norton with no problems.

The virus is sending it self to any email address found on html, htm, txt files and more on the internet.

So now I am taking all my addresses of all my high ranking web sites and using php to protect my email accounts.

Has anyone else seen a sudden increase of attacks from this virus?

What a week its turning out to be :(



 4:21 pm on Aug 19, 2003 (gmt 0)

I'm getting pounded in just the last few hours.

So now I am taking all my addresses of all my high ranking web sites and using php to protect my email accounts.

Did that then I remembered the industry-specific directory listings that I have that also require/display e-mail addresses, it's hopeless.


 4:25 pm on Aug 19, 2003 (gmt 0)

I know it will be difficult or impossible to take away all my email addresses off the web sites or off the internet but at least I should be able to reduce the risk of receiving these nasty mass mailing viruses and SPAM.

Well I hope anyway!


 4:44 pm on Aug 19, 2003 (gmt 0)

I've gotten about 20 emails in the last three hours with "your details" or "wicked screensaver" in the subject line -- all apparently generated by this virus.


 4:49 pm on Aug 19, 2003 (gmt 0)

I don't know. By know, people should now not to open any attachment they are not expecting, much less if the rest of the email doesn't mean anything to them. So who falls for that?


 4:50 pm on Aug 19, 2003 (gmt 0)

Ys thats the one I am getting its as if it has suddenly taken hold of its full strength. Apparently it will be active until the 9th September 2003.

Which makes no difference these days as another one will be out next week.



 4:50 pm on Aug 19, 2003 (gmt 0)

I am getting thousands of them in last 2 hours!

Also, I am getting dozens that appear to be returned mail from other sites. (looks like someone sent mail to them from my address)


 4:52 pm on Aug 19, 2003 (gmt 0)

My email addresses will now be on everyone's SPAM list.

Everyone better think about the impact this will have on their e-mail campaigns/ newsletters.


 4:54 pm on Aug 19, 2003 (gmt 0)

I don't know. By know, people should now not to open any attachment they are not expecting

Yes your right thats why I delete everyone if it manages to get passed the virus checker.

I don't think anyone has yet to mention that they had opened it.

I was pointing out how in the last few hours this has suddenly taken hold of everyone or most people.


 4:58 pm on Aug 19, 2003 (gmt 0)

My point was more in the direction of 'why do people (hackers or whatever) make that kind of virus? It doesn't open backdoors for them, it doesn't crash M$ servers, all it does is getting people away from email. Email being the most used part of the Internet, it comes down to getting people away from the Internet. That's all it achieves and who would want that?


 5:00 pm on Aug 19, 2003 (gmt 0)

I received this from our sales team, the entire dell support team, and myself. Ha.. In reality though, I am averaging one per minute right now, and I am kissing my System works Case.


 5:00 pm on Aug 19, 2003 (gmt 0)

Just create a filter that will delete all the email with specific subjects. If they are all generated there shouldn't be many of them.

If you usually do not receive any attachments, then set a filter to delete all emails that contain attachments.


 5:03 pm on Aug 19, 2003 (gmt 0)

I carnt use filters as people send me images by attachments for advertising on my web site plus the virus is using many different subjects and titles for the attachment.

Last time I tried to filter I managed to filter out good emails.

I am fully protected by Norton is just a pain as every two minutes another one comes in and it goes through the whole process again of deleting it.

I hate them :(


 7:10 pm on Aug 19, 2003 (gmt 0)

Does anybody have any idea what is causing this massive bomb? Just took lunch, and in one hour received 123 new copies of this bugger.

I have never seen a worm go off like this.


 7:19 pm on Aug 19, 2003 (gmt 0)

Thats why I started the thread!

In the 3 hours I had 40 attacks but now it has stopped and moved on to somebody else.

Again I am fully protected.


 7:27 pm on Aug 19, 2003 (gmt 0)

It is spreading like mad.



Be on the lookout for FAKE e-mail messages being
sent by the W32.Sobig.F worm. W32.Sobig.F spreads
by sending itself to all email addresses found in
mail messages and address books. If you receive
any messages with subject lines similar to the
following, they are most likely messages
generated by the worm:

The worm has the following details:
From: admin@internet.com

Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details

See the attached file for details
Please see the attached file for details.

application.zip (contains application.pif)
details.zip (contains details.pif)
document_9446.zip (contains document_9446.pif)
document_all.zip (contains document_all.pif)
movie0045.zip (contains movie0045.pif)
thank_you.zip (contains thank_you.pif)
your_details.zip (contains your_details.pif)
your_document.zip (contains your_document.pif)
wicked_scr.zip (contains wicked_scr.scr)


 7:38 pm on Aug 19, 2003 (gmt 0)

Makes you wonder if options like "Automatically put people I reply to in my Address Book" (in Outlook Express) causes more harm than good.


 7:43 pm on Aug 19, 2003 (gmt 0)

If I was only getting 40 in three hours I would be very pleased. Hitting 140 per hour right now.


 7:47 pm on Aug 19, 2003 (gmt 0)

Hitting 140 per hour right now

How do you get that many?

You must have many web sites and email addresses posted on the web pages, either that or he has managed to get into your email program.

I had 40 attacks in 3 hours most of them with in 1 hour and now nothing! :)


 7:58 pm on Aug 19, 2003 (gmt 0)

I'm still getting 2-4 every 5 minutes on my strongest domain. Other weaker domains are getting 2-4 every hour.


 7:58 pm on Aug 19, 2003 (gmt 0)

Seeing a lot of the same here too, annoying isnt' it?



 7:59 pm on Aug 19, 2003 (gmt 0)

>>Makes you wonder if options like "Automatically put people I reply to in my Address Book" (in Outlook Express) causes more harm than good.<<

I think that's the real culprit rather than the email addresses on the web. I've received several hundred per hour to an address that is not listed on the web.


 1:58 am on Aug 20, 2003 (gmt 0)

I just received a bunch of returns saying that I had sent this out and they had either bounced or being caght by virus checkers.

NONE of the people I've rec'd bounces from are people I have heard of and NONE of them are in my address book.

So I'm assuming this latest iteration of this worm/virus is forging From's like mad?


 2:10 am on Aug 20, 2003 (gmt 0)

This seems to be a particular problem for webmasters with unobfuscated email addresses contained on their web pages.

The worm extracts email address from various file types found on the infected computers hard drive - amongst those file types are .htm and .html.

Unfortunately; Internet Explorer's cache directory is chock-a-block full of .html files containing the email addresses of poor webmasters :(

So if you run a popular site with an unobfuscated email address; your address is on the hard drives of thousands of computers world wide and you're gonna get hit hard.


 2:20 am on Aug 20, 2003 (gmt 0)

Yes I have been hit hard.

What really gets me upset, is several virus engines are sending me back an email saying I have the virus. My address is being spoofed, why can't these virus checking programs send the virus message to the original sender, or throw it away, rather sending it to the address that is being spoofed.


 2:38 am on Aug 20, 2003 (gmt 0)

I was out from noon-now (about 9 hours). I had HUNDREDS of virii and automatic e-mails from other people whos virus software had deleted a virus and sent me an e-mail.

The worst part about these is that it makes it look like I am sending a virus to a potential customer since many of the people who have me in their address book share a common interest with others in the address book. :(


 2:45 am on Aug 20, 2003 (gmt 0)

Started receiving notices from ISP's in the early afternoon that our message, which really wasnt ours, had a virus and was deleted. Since then we've received over a hundred. I hope ISP's get wise and stop sending out these virus warning messages to the wrong person. I would have thought they would have stopped doing this a long time ago.


 7:05 am on Aug 20, 2003 (gmt 0)

I just received around 19000 such emails overnight in just one account. I am checking others.

This virus sucks bigtime.


 7:38 am on Aug 20, 2003 (gmt 0)

>This virus sucks bigtime.
The people that created it suck big time.


 7:57 am on Aug 20, 2003 (gmt 0)

This virus is more of annoying then damaging.

If you are well protected it can still be a pain as we have seen some are receiving this at a rate of 100 per hour.

This is worse then SPAM, it just sucks every email address on web sites and in email programs and it doesn't care if it had already sent it to you which means this will carry on for sometime.

Those of you who have two or three email addresses on every web page I suggest you remove them. Create a php form which will limit the damage.

One thing is for sure The Google Cache will not be helpful.

This could make things a lot worse as our email addresses can be stored in the pages for quite some time specially if the cache page is not updated on a regular basis.

This 198 message thread spans 7 pages: 198 ( [1] 2 3 4 5 6 7 > >
Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved