Ruin Posted August 19, 2003 Share Posted August 19, 2003 I've gotten two e-mails today (one from rocky@ghostrecon.net and ben@bencummings.net) that contained a .pif file. AFAIK this is a virus file and hotmail did NOT pick it up. They're both around 100K each, so be wary. The two files are: document_9446.pif document_all.pif So be careful; both of them have this text in the messgae: See the attached file for details Also, I keep getting a lot of Mail Delivery Notification System ones with 100K attachments. Ones I know I did NOT send. I just got one from deep6@thecombatzone.com Here's the info: From : Mail Delivery System <Mailer-Daemon@host.amslanta.com> To : therealruin@hotmail.com Subject : Mail delivery failed: returning message to sender Date : Tue, 19 Aug 2003 16:09:57 -0400 This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: deep6@thecombatzone.net This message has been rejected because it has a potentially executable attachment "wicked_scr.scr" This form of attachment has been used by recent viruses or other malware. If you meant to send this file then please package it up as a zip file and resend it. Quote Link to comment Share on other sites More sharing options...
Zeko Posted August 19, 2003 Share Posted August 19, 2003 Hmm...I hope it's not some worm again like last time Quote Link to comment Share on other sites More sharing options...
BlueRose_76 Posted August 20, 2003 Share Posted August 20, 2003 (edited) Yeah, its a relatively new worm, the W32.Sobig.f Properties of the email it sents -Subjectfield: Re: Thank you!, or; Re: Details Re: Re: My details Re: Approved Re: Your application Re: Wicked screensaver Re: That movie -Message; See the attached file for details Please see the attached file for details -Name attachment: your_document.pif, or: document_all.pif thank_you.pif your_details.pif details.pif document_9446.pif application.pif wicked_scr.scr movie0045.pif Edit; when you find "WINSTT32.DAT" and "WINPPR32.EXE" on local disks youre infected. Got information on a dutch site, but if you google on the worms name, you sure will find it. Its isnt a dangerous one, but it is a pain ITA. Be careful with all self-executable attachements, even if your hotmail filter lets it trough. Edited August 20, 2003 by BlueRose_76 Quote Link to comment Share on other sites More sharing options...
Zantar45 Posted August 20, 2003 Share Posted August 20, 2003 More of what BlueRose is talking about; New Computer Virus Clogs E-Mail Inboxes NEW YORK - A new strain of one of the most virulent e-mail viruses ever spread quickly worldwide Tuesday morning, causing fresh annoyance to users worn out by last week's outbreak of the Blaster worm. The new virus, named "Sobig.F" by computer security companies, attacks Windows users via e-mail and file-sharing networks. It also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into senders of spam e-mail. MessageLabs Inc., a company that filters e-mail for corporations, had blocked more than 100,000 copies of Sobig.F by midday Tuesday, making it by far the most active virus of the day. "It's definitely spreading very quickly, just an incredible ramp-up so far this morning," said Brian Czarny, marketing director at MessageLabs. The variant is likely to be one of the more successful versions of a very successful virus strain, he said. The previous Sobig.A and Sobig.B variants are both on MessageLabs' list of the biggest 10 e-mail viruses of all time. The e-mail message that carries Sobig.F has the subject line "Re: Details" and the message "Please see attached file for details." If a recipient clicks on the attachment, which can have multiple names ending in the .pif file extension, the computer will be infected. The virus will then send itself out to names found in the victim's address book and will use one of these names to forge a return address. As such, the infected party may not quickly learn of the infection, while an innocent party may get the blame for helping to propagate it. Like all the other Sobig viruses, this version is programmed to self-destruct after two weeks, in this case on Sept. 10. The Blaster worm is still at large. It uses a published flaw in Microsoft's Windows operating systems to spread via network connections, without using e-mail. It slowed down the Internet and caused computer restarts worldwide, but the attack it was programmed to carry out against a Microsoft Web site on Saturday proved harmless. So far I got this virus 2 times today. Thank goodness I always get rid of all my emails in the bulk folder without opening them. Quote Link to comment Share on other sites More sharing options...
Ruin Posted August 20, 2003 Author Share Posted August 20, 2003 I got 7 Mail Delivery Failur things in the past 3 hours. Be careful guys, this is insane! Quote Link to comment Share on other sites More sharing options...
Specter Posted August 20, 2003 Share Posted August 20, 2003 I got 13 in the past 7 hours. DO NOT OPEN ATTACHMENTS YOU DONT KNOW WHERE THEY CAME FROM ! ! PLEASE ! ! It will be a nightmare for you if you do. Quote Link to comment Share on other sites More sharing options...
Ruin Posted August 20, 2003 Author Share Posted August 20, 2003 As I mentioned earlier the Hotmail Virus scan will NOT pick them up. Follow Phantom's advice. Quote Link to comment Share on other sites More sharing options...
firefly2442 Posted August 20, 2003 Share Posted August 20, 2003 This virus knocked out the company that my dad works for. Thousands of computers shut down across the US. Pretty bad week for viruses eh? Quote Link to comment Share on other sites More sharing options...
Zantar45 Posted August 20, 2003 Share Posted August 20, 2003 DO NOT OPEN ATTACHMENTS YOU DONT KNOW WHERE THEY CAME FROM ! ! PLEASE ! ! It will be a nightmare for you if you do. Best advice anyone can give. I currently DO NOT open any emails if I don't know who they are from. I also get around 220-300 emails a day. Because someone sold my info. Out of the almsot 300 daily emails there are sometimes around a dozen that contain viruses.Its gotten to the point where I check my email and empty the whole thing without even looking through them. Quote Link to comment Share on other sites More sharing options...
Specter Posted August 20, 2003 Share Posted August 20, 2003 Since my last post at around 18:52 where I had received 13 of these things, I have received 37 more of these viruses in my email box. This s**t is p*ssing me off big time. What's wrong with these assh*les? @Zantar I pull around 200 or more a day myself. So far, I have received 50 of these d*mn things today. 50 ! ! Boy, what I wouldnt give to hang these b*stards out to dry ! ! Quote Link to comment Share on other sites More sharing options...
Avey Posted August 20, 2003 Share Posted August 20, 2003 I got 13 in the past 7 hours. DO NOT OPEN ATTACHMENTS YOU DONT KNOW WHERE THEY CAME FROM ! ! PLEASE ! ! It will be a nightmare for you if you do. Don't get injured or sick in the UK!! Where my dad works (undisclosed Hospital in the UK) all the computers in the hospital have now been down for 24hrs!! Quote Link to comment Share on other sites More sharing options...
Stalker Posted August 20, 2003 Share Posted August 20, 2003 hey all! I just got 3 mails with a new virus... Sobig.F update your antivirussoftware (thank god, I ve done this yesterday)!!!! title is : Wicked Screensaver Thank you My Details Details Approved the movie Quote Link to comment Share on other sites More sharing options...
~NkOgNiTo~ Posted August 20, 2003 Share Posted August 20, 2003 (edited) just wanted to post a little warning to be careful what you open, i rarely send email to anyone, mostly it is used just for the forum reply notifications sent by this site and agr-s.com, this morning i recieved 5 email messages that were caught by NORTON AV, all 5 had viruses in them, one was in spanish, man even viruses are becoming bi-lingual, anyway one of the main reasons that i am posting in here is because one of them mentioned The PLatoon, one or two said they were returned because of a virus found, others said the recieptant had no room in their storage box, and one that the address did'nt exsist, i don't know if these messages were sent to me from another computer putting my address as the orig sender as a trick, or if somehow someone used my email address as the sender and these are ligit returns of the virus, anyway i have scanned my pc and it is clean...so just a heads up, for some strange reason that u don't have a AV that scans your email, be wary of returned messages, be sure you have sent email recently before u open it, the headers read something like..."Mail Delivery Subsystem" or "Mail Delivery System" or "Mail Administrator" and the one in spanish read "Postmaster@sion.com" , one was returned by AOL who i have noone in my address book with an AOL address and another from "tropicalfishstore.com" I DON'T HAVE ANY FISH!!! and of course there was the one from "support@theplatoon.com"....so just a lil heads up that someone has been busy... EDIT:this was originally it's own topic so if it seems repetative, sorry, but i am leaving it as a source of more info on the topic... Edited August 20, 2003 by ~NkOgNiTo~ Quote Link to comment Share on other sites More sharing options...
BlueRose_76 Posted August 20, 2003 Share Posted August 20, 2003 Crap, there i got it myself. Just received an undeliverable mail, sent from my private adress. Strange, never opened any .pif. Kill the little ######. Out for some maintenance. Quote Link to comment Share on other sites More sharing options...
BlueRose_76 Posted August 20, 2003 Share Posted August 20, 2003 Check also this topic. Regards, BlueRose_76 Quote Link to comment Share on other sites More sharing options...
Stalker Posted August 20, 2003 Share Posted August 20, 2003 oh, sorry ,haven't noticed it but two warnmessages are better than one -Subjectfield: Re: Thank you!, or; Re: Details Re: Re: My details Re: Approved Re: Your application Re: Wicked screensaver Re: That movie -Message; See the attached file for details Please see the attached file for details -Name attachment: your_document.pif, or: document_all.pif thank_you.pif your_details.pif details.pif document_9446.pif application.pif wicked_scr.scr movie0045.pif Quote Link to comment Share on other sites More sharing options...
Syncopator Posted August 20, 2003 Share Posted August 20, 2003 (edited) Yup - 24 nonsense mails all infected - to my work addy. Pain in the ###### looking thru them for the one useful email that I was after! Looks like we all take the brunt. Someone should write a mod based on some cyber-terrorists in a compound...armed with pea shooters...and the ghosts get to go in.... Hackers Hell or something like that...let us pop a few caps in the backsides of these computer nerd #### (use the imagination for suitable derogatory nomenclature ) Edited for inappropriate content. -SOTOPhantm Would make me feel better anyway. Any takers? Edited August 20, 2003 by Syncopator Quote Link to comment Share on other sites More sharing options...
~NkOgNiTo~ Posted August 20, 2003 Share Posted August 20, 2003 (edited) DELETE Edited August 20, 2003 by ~NkOgNiTo~ Quote Link to comment Share on other sites More sharing options...
ZJJ Posted August 20, 2003 Share Posted August 20, 2003 I merged the three topics all talking about this virus..... Let me know if anyone wants to delete their post that refers to the other threads. " Quote Link to comment Share on other sites More sharing options...
Avey Posted August 20, 2003 Share Posted August 20, 2003 Yup - 24 nonsense mails all infected - to my work addy. Pain in the ###### looking thru them for the one useful email that I was after! Looks like we all take the brunt. Someone should write a mod based on some cyber-terrorists in a compound...armed with pea shooters...and the ghosts get to go in.... Hackers Hell or something like that...let us pop a few caps in the backsides of these computer nerd twats. Would make me feel better anyway. Any takers? What a great idea! Someone should do that I've got two more 'Mail Delivery Subsystem' e-mails within 4hrs Quote Link to comment Share on other sites More sharing options...
BlueRose_76 Posted August 20, 2003 Share Posted August 20, 2003 Removed the ###### . With THIS little free AVscanner from Grisoft. Its a decent FREE AV scanner and remover. Need to activate it through email. BTW, i dont think the virus installs by clicking on the *.pif attachments. I recommend, even if you not even opened an infected mail like i did, to scan. Good Luck BlueRose_76 Quote Link to comment Share on other sites More sharing options...
Specter Posted August 20, 2003 Share Posted August 20, 2003 I got 93 total yesterday from about 10 different infected files with the same viruses on them. Little b*stards. I hope they are done for awhile. Quote Link to comment Share on other sites More sharing options...
BlueRose_76 Posted August 20, 2003 Share Posted August 20, 2003 Watch it. The Sobig.F also install WITHOUT clicking the attachment. When you view attachments in a preview window, for example if an attached jpg appears under the messagefield, it will install too. Recommend to trash all mail immediately with: Re: Thank you! Re: Details Re: Re: My details Re: Approved Re: Your application Re: Wicked screensaver Re: That movie in subjectfield when received. Quote Link to comment Share on other sites More sharing options...
Specter Posted August 20, 2003 Share Posted August 20, 2003 as of 1100 hours this morning, 137 virus infested emails. This is p*ssing me off ! ! Quote Link to comment Share on other sites More sharing options...
Havok Posted August 20, 2003 Share Posted August 20, 2003 Wow..that's odd. I just checked my email (scan all incoming with Norton anyways) and I got three of these infected emails. I mean it's odd that after checking it then firing up my homepage this is the first thing I see. My buddy sent me an email from his work and it was infected. New virus defintions were available today from Symantec too. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.