Welcome to WebmasterWorld Guest from 184.108.40.206
Forum Moderators: phranque
For some reason in the last two hours I have received 30 attacks all of which where stopped by Norton with no problems.
The virus is sending it self to any email address found on html, htm, txt files and more on the internet.
So now I am taking all my addresses of all my high ranking web sites and using php to protect my email accounts.
Has anyone else seen a sudden increase of attacks from this virus?
What a week its turning out to be :(
I don't know. By know, people should now not to open any attachment they are not expecting
Yes your right thats why I delete everyone if it manages to get passed the virus checker.
I don't think anyone has yet to mention that they had opened it.
I was pointing out how in the last few hours this has suddenly taken hold of everyone or most people.
Last time I tried to filter I managed to filter out good emails.
I am fully protected by Norton is just a pain as every two minutes another one comes in and it goes through the whole process again of deleting it.
I hate them :(
BEWARE OF FAKE E-MAIL (W32.Sobig.F Worm)
Be on the lookout for FAKE e-mail messages being
sent by the W32.Sobig.F worm. W32.Sobig.F spreads
by sending itself to all email addresses found in
mail messages and address books. If you receive
any messages with subject lines similar to the
following, they are most likely messages
generated by the worm:
The worm has the following details:
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
See the attached file for details
Please see the attached file for details.
application.zip (contains application.pif)
details.zip (contains details.pif)
document_9446.zip (contains document_9446.pif)
document_all.zip (contains document_all.pif)
movie0045.zip (contains movie0045.pif)
thank_you.zip (contains thank_you.pif)
your_details.zip (contains your_details.pif)
your_document.zip (contains your_document.pif)
wicked_scr.zip (contains wicked_scr.scr)
I think that's the real culprit rather than the email addresses on the web. I've received several hundred per hour to an address that is not listed on the web.
NONE of the people I've rec'd bounces from are people I have heard of and NONE of them are in my address book.
So I'm assuming this latest iteration of this worm/virus is forging From's like mad?
The worm extracts email address from various file types found on the infected computers hard drive - amongst those file types are .htm and .html.
Unfortunately; Internet Explorer's cache directory is chock-a-block full of .html files containing the email addresses of poor webmasters :(
So if you run a popular site with an unobfuscated email address; your address is on the hard drives of thousands of computers world wide and you're gonna get hit hard.
What really gets me upset, is several virus engines are sending me back an email saying I have the virus. My address is being spoofed, why can't these virus checking programs send the virus message to the original sender, or throw it away, rather sending it to the address that is being spoofed.
The worst part about these is that it makes it look like I am sending a virus to a potential customer since many of the people who have me in their address book share a common interest with others in the address book. :(
If you are well protected it can still be a pain as we have seen some are receiving this at a rate of 100 per hour.
This is worse then SPAM, it just sucks every email address on web sites and in email programs and it doesn't care if it had already sent it to you which means this will carry on for sometime.
Those of you who have two or three email addresses on every web page I suggest you remove them. Create a php form which will limit the damage.
One thing is for sure The Google Cache will not be helpful.
This could make things a lot worse as our email addresses can be stored in the pages for quite some time specially if the cache page is not updated on a regular basis.