[ale] question about sobig

Geoffrey esoteric at 3times25.net
Wed Aug 20 07:48:16 EDT 2003


John Wells wrote:
> This morning, my inbox was filled with sobig.  I expected that.  However,
> I found a number of supposedly returned mail carrying sobig that appeared
> to have been originally sent from my wife's and my email addresses.
> 
> I assume, since I run linux exclusively and my wife only emails through
> squirrel mail, that this means someone out there that has received mail
> from us is infected and the worm is trying to send out with our email
> addresses as source address, which then get bounced by certain smart
> servers back to us.  Is this a good assumption?

This is absolutely correct.  I've been considering placing the following 
in my sig:

'Please do not place my email address in your address book if you are 
using a Microsoft based email product, since they are so easily attacked 
by viri and will use these addresses for spoofing email viri.'

> 
> Is there any way to track down an infected box?

Is it running a Microsoft product?  I actually was able to track one 
down, only because I received an email that indicated the sender was the 
sister of a friend of my wife. (did you follow that?)  Point is, this 
person would never email me, so the only other possibility was that the 
friend was infected and my email address was pulled from their address 
book.

In all likelihood you're pretty much out of luck in trying to figure it 
out.


-- 
Until later: Geoffrey		esoteric at 3times25.net

The latest, most widespread virus?  Microsoft end user agreement.
Think about it...

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale




