
30 virus attacks in 2 hours! - W32.Sobig.F@mm

After the blaster another one mass mailing virus!


lasko

4:15 pm on Aug 19, 2003 (gmt 0)

10+ Year Member



The virus W32.Sobig.F@mm has only appeared really quite recently; however, Symantec have just upgraded it to nearly the same level as the Blaster.

For some reason in the last two hours I have received 30 attacks, all of which were stopped by Norton with no problems.

The virus is sending itself to any email address found in html, htm, txt files and more on the internet.

So now I am taking all my addresses off all my high-ranking web sites and using PHP to protect my email accounts.

Has anyone else seen a sudden increase of attacks from this virus?

What a week it's turning out to be :(

NorthernStudio

2:11 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



Now I'm getting messages with the same subject lines and the bastards aren't even bothering to attach the virus file.

What's up with that?

Wayne

mcavill

2:13 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



maybe a firewall's stripping the attachments

NorthernStudio

2:36 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



>maybe a firewall's stripping the attachments

Must be on one of the sender's servers. I'm still getting some with attachments, so I know it's not mine.

I think they're just conserving bandwidth :)

Wayne

Net_Wizard

2:39 pm on Aug 21, 2003 (gmt 0)



And my webhost doesn't even allow me to delete this email address or to set some quota. When I try to do so, the viruses don't return to the sender, or to outer space, or to hell, but accumulate in some spool/mqueue folder on my account, counting towards my webspace, and I cannot even delete them from there (550 permission denied)!
Nightmare...

Your main email account should have some feature to forward the email to some email address without holding a copy of the email.

I have all bad email forwarded to a trash email address and just empty it from time to time.

jimbeetle

2:46 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



What are the repercussions of this for us?

We're all receiving a lot of bounce backs, some as innocuous as just 'undeliverable', but in many instances as 'Undeliverable: Spam' or 'Unsolicited commercial email rejected'.

Are the spam cops going to take a couple of days off and not include virtually every e-mail addy in the world in their spam databases? Has anybody heard how this is going to be handled?

juniperwasting

2:50 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



I am comfortable in my knowledge that I have had nothing to do with the emails that bear my address and the addresses of others in my company.

I delete the emails that seem to be bounce backs, although I think some are just new angles, just the same as RE: Wicked Screensaver.

I have in the past replied to angry people who believe that I have spammed them or sent them a virus, and explained that my email addy was hijacked, and there is nothing I could do about it now. Most, < 95% believe me, and the problem is solved.

jimbeetle

3:06 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm not worried about individuals, there are plenty of places to point them to tell them about the situation and that we are not at fault.

My biggest concern is with the spam cop-type companies that collate complaints and add offenders to a database; similarly the large companies that provide spam checking for ISPs and such.

Much of this is automated and my major concern is that it is out of our control. I assume such companies are taking all of this into consideration but really don't want to wake up to any nasty surprises.

kellytps

3:16 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



Anyone using PC-cillin know of a way to stop that darn pop-up alert from showing when a virus is detected and dealt with? I am constantly clicking [Close]. I don't want to stop checking my email while I am working, but it's quite annoying, popping up every five minutes about 5-10 times.
I can't seem to find any options to turn it off.
Thanks,
Kelly

aravindgp

3:41 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



It's mimicking browsing patterns.
Just browsing through hosting provider sites, a whole heap of 30-odd mails came in less than 1 hour saying that your message to these hosting providers bounced.

I haven't even seen 1% of the sites. This is really sick.

From India

jimbeetle

4:08 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Looks like my host was able to put a fix in, no sobig e-mails in almost 3 hours.

Seems a bit too quiet around here now.

juniperwasting

4:12 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



>Seems a bit too quiet around here now.

Hah! That's funny.

On the note of spam cops: I do not think we need to worry. Not an expert, but I believe the email itself gives away the fact that it is not from the displayed source. Any automated spam seeking bot would pick up something buried in the non-visible header.

Blue Gravity

4:18 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



Nortons is doing a fantastic job at deleting them for me, but still, getting about 800 of them a day is a bit annoying!

Diggerama

4:23 pm on Aug 21, 2003 (gmt 0)



I was getting so many of these emails I deleted the account and set up an autoresponder for the address; although it's a clumsy solution it is working well and I haven't received any more of the annoying emails.

MarkHutch

4:27 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>On the note of spam cops: I do not think we need to worry.

You're right. They are only interested in the IP address the mail was sent from, not the To: and From: of the message. I just checked SPAMCOP and found this message on their main webmail page:

We are now blocking over 7500 copies of the Sobig.f virus every hour. That's more than 2 per second. Put another way, that's over 1.6 Mbps of continuous virus traffic, non-stop since yesterday morning.

HostingDirectory

4:29 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



If you lot think you have it bad... I have been getting lots of complaints because a lot of people have been getting this virus with my AOL email address in the sender field.
Somehow the virus has spoofed my email address.

Why me?

Hopefully I am not the only one who has had their email spoofed with this virus; I would hate to think of the whole internet thinking I was the sender.

Could any of you verify what email address was used when you received the virus-infected emails?

jimbeetle

4:37 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



HostingDirectory,

After the virus infects a machine it simply plucks an e-mail address from that machine's contact file to use as the 'from' address in the e-mail and uses its own SMTP engine to send messages to all e-mail addresses in the machine's contact file. It ain't only you, just about everybody has had at least one of their e-mail addies spoofed.

>They are only interested in the IP address the mail was sent from

Of course, didn't think of that. Though suppose there can still be repercussions unless the spam folks somehow take this whole event into consideration before blacklisting an IP. I'll just assume they know what they're doing.

ianevans

4:59 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



Slightly off-topic, but how do you stop receiving email notifications when a thread is updated here?

Since this is such a busy thread I'm getting as many forum updates as I am worms. :-)

Kukenan

5:06 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



I have received about 3,800 emails in the last two days.

The overnight count is in the 2,000 range.

The thing is that about 5,000 people have this email address stored in their computers as the "from" email when they receive an email confirmation for their order in my store.

Needless to say, the more people have your email in their machine, more virus emails you will get (and more email will appear as originating from your domain).

This will only get worse as my email will be sent by the virus to other machines, multiplying exponentially.

I have called my hosting provider to ask whether they planned to filter all traffic matching the virus profile and they just said: "NO, we will just wait until Sept 10 when the virus will delete itself. In the meantime just delete the email before downloading."

This is really irresponsible on their part. They just gave me the URL for Symantec to update my virus definitions (as if I didn't know what to do to protect my own machine).

I do not know what is involved in filtering all this email traffic but for now I will delete those email accounts and all this traffic is going to bounce back (double traffic).

Two weeks of this, unattended is unacceptable.

I think it is time we realize how fragile the whole system is.

rise2it

5:53 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Exactly the point I was trying to make earlier....our web hosting companies could set up 7 or 8 filters and put an end to this thing - blow the mail off their server, and we'd never even have to download it and deal with it.

I'm now having to do this manually myself, because the hosting company (who has been great up to this point) has basically taken the 'wait and see' approach.

Also, they don't want to use filters because they're afraid of getting a 'false positive' and accidentally deleting a good email, so they're letting tens of thousands of bad ones pile up instead.

Nice of them to leave us trying to 'bail water out of the Titanic using a spoon'.

jimbeetle

6:13 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I just sent an e-mail to the guy who hosts my sites giving him a pat on the back for putting a fix in, haven't had a sobig e-mail since 9:30A Eastern time. Turns out he didn't know what I was talking about.

I guess the center where the servers are located took some action on their own. Doubt if it's dying down; as bad as it is it will probably go on until the September 10th expiration.

kellytps

6:18 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



<<Slightly off-topic, but how do you stop receiving email notifications when a thread is updated here?>>

"If you wish to "unsubscribe" from these mini notices, you may edit your message and uncheck this box."

Net_Wizard

6:23 pm on Aug 21, 2003 (gmt 0)



In defense of hosting providers ;)

Most generic spam filters are just limited to email addresses and not based on expressions, which can only be found in the high-end spam filters, which in turn are tied to products such as mail servers.

The short of it...good spam filters = $$$ per license/server. So, in essence, most hosting providers don't have good spam filters.

Heck, BellSouth, a huge ISP here in Florida, doesn't even have a configurable spam filter for their customer accounts.

Other Notes

Autoresponders - Pls. do not use this feature at this time; it just adds noise to the already crowded email traffic.

Catch-all - delete this useless email feature on your server.

SpamCop - it takes several offenses reported from different sources for the same IP to be included in the spam database. This has nothing to do with the 'Reply To' and 'From' fields of the email.

<added>Anti-virus software - is stupid; by now, developers of such software should realize that the 'Reply To' is most often a spoofed addy, so it should just quietly delete these files instead of sending those stupid notifications.</added>

Kukenan

7:12 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



>I just sent an e-mail to the guy who hosts my sites giving him a pat on the back for putting a fix in, haven't had a sobig e-mail since 9:30A Eastern time. Turns out he didn't know what I was talking about.

Don't be so sure jimbeetle, I had a pause for about two hours and I thought they put an end to it.

The email rain started again!

Most probably their email server crashed ;-)

Just a wild guess though.

Chndru

7:13 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>until the September 10th expiration.

reminds me of something..just a weird coincidence?

jimbeetle

7:23 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



>I had a pause for about two hours and I thought they put an end to it...Most probably their email server crashed

E-mail working smoothly so far and now going on 6 hours without a sobig message. But per your warning won't be surprised if it starts again, just keeping fingers crossed for now.

MarkHutch

7:29 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Here's a first for us. We just got a message from a server in Japan that we had a voice mail message. I'm pretty sure this virus has now made its way into voice mail systems. :-(

Kukenan

7:50 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



Thanks to this virus I have started looking at spam as "legitimate emails"

Funny.

mayor

8:36 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm making a game out of it. Seeing how many incoming Sobig e-mails I can throw in the 'deleted' byte bucket (am at 100% now) and how many spoofed e-mail bounces I can throw in a 'returned mail' byte bucket (am at about 95% now).

Not much spam left in my Outlook Express inbox now, just the normal two or three hundred UCE's I get each day.

rise2it

9:04 pm on Aug 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It's a good thing we all have a good sense of humor over this thing.....or maybe we're all REALLY desperate for entertainment

I almost (sniff sniff) feel bad for the real spammers, who are going to be having trouble making a living because their (sniff sniff) messages will be so hard to get through.

My 'normal, everyday' spam mail has basically come to a halt during the last 24 hours. Anyone else seeing the same?

dazz

9:23 pm on Aug 21, 2003 (gmt 0)

10+ Year Member



I don't know if anyone has said this yet BUT if not, you can download MailWasher, which deletes from your server, and you won't have to download the emails you don't want onto your machine.

If you put in a spam filter to mark for deletion all emails with e.g. 'Re:your details', 'Re:fantastic Screensaver' and all the rest of the subjects that they use (there are only about 9-ish that the Sobig worm is using), you can then auto-delete them from your server before downloading onto your machine.

PS. I'm not an affiliate of MailWasher and don't have anything to do with them....it's just a very good FREE programme that I'm sure a lot of senior members of this forum will agree with me is useful...just do a site search about it!
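A server-side stand-in for the subject filter described above, added here as an example and not code from the thread or from MailWasher: it drops copies of the worm by the subject lines this thread names (the subject set is an assumption and incomplete), also catches the bounce backscatter discussed earlier in the thread, and deletes quietly instead of bouncing to the spoofed From address.

```python
import email
import re
from email import policy

# Subject lines this thread names as Sobig.F subjects (assumption: the worm uses
# more; extend the set from your own quarantine before relying on it).
SOBIG_SUBJECTS = {"re: your details", "re: wicked screensaver", "re: fantastic screensaver"}
# Bounce subjects quoted in the thread; a MAILER-DAEMON sender is checked too.
BOUNCE_RE = re.compile(r"^(undeliverable|unsolicited commercial email rejected|returned mail)", re.I)

def normalize_subject(subject):
    """Lower-case, collapse whitespace and fix 'Re:your' vs 'Re: your' spacing."""
    s = re.sub(r"\s+", " ", str(subject)).strip().lower()
    return re.sub(r"^re:\s*", "re: ", s)

def classify(raw):
    """Return 'sobig', 'backscatter' or 'keep' for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = normalize_subject(msg.get("Subject", ""))
    sender = str(msg.get("From", "")).lower()
    # Match on the subject alone: copies arriving without the attachment still match.
    if subject in SOBIG_SUBJECTS:
        return "sobig"
    if BOUNCE_RE.match(subject) or "mailer-daemon" in sender:
        return "backscatter"
    return "keep"

def filter_mailbox(raw_messages):
    """Drop worm copies and backscatter silently; never bounce to the spoofed From."""
    counts = {"sobig": 0, "backscatter": 0, "keep": 0}
    kept = []
    for raw in raw_messages:
        verdict = classify(raw)
        counts[verdict] += 1
        if verdict == "keep":
            kept.append(raw)
    return counts, kept

# Constructed sample messages for the demo (not real captures).
SAMPLE_WORM = (
    "From: spoofed@example.com\nTo: me@example.net\nSubject: Re:Wicked Screensaver\n"
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nSee the attached file for details.\n"
    '--b1\nContent-Type: application/octet-stream; name="sample.bin"\n'
    'Content-Disposition: attachment; filename="sample.bin"\n\nAAAA\n--b1--\n'
)
SAMPLE_WORM_STRIPPED = "From: spoofed@example.com\nTo: me@example.net\nSubject: Re: your details\n\nSee the attached file for details.\n"
SAMPLE_BOUNCE = "From: MAILER-DAEMON@example.org\nTo: me@example.net\nSubject: Undeliverable: Spam\n\nYour message was rejected.\n"
SAMPLE_GOOD = "From: customer@example.com\nTo: me@example.net\nSubject: Order 1234 question\n\nWhen will it ship?\n"
```

Run `filter_mailbox([SAMPLE_WORM, SAMPLE_WORM_STRIPPED, SAMPLE_BOUNCE, SAMPLE_GOOD])` to see only the order question survive; a subject-only rule can still hit a genuine reply with the same subject, which is the false-positive worry raised earlier in the thread.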
