PDA

View Full Version : Sobig virus



Ton Van Den Bogert
08-19-2003, 10:22 PM
Biomch-L subscribers,

Overnight I received 160 copies of the Sobig virus in my mailbox,
and they now arrive at a rate of about one every 3 minutes.

The virus is described here:

http://vil.nai.com/vil/content/v_100561.htm

Please be reminded not to open any of these attachments. From the
source of these e-mails, I suspect that many Biomch-L subscribers are
already infected and it is spreading quickly.

This is one of those viruses that fakes sender's addresses, which
it takes from files, such as addressbooks. This explains why many
of you appear to be getting the virus from me or from others who are
not even infected. The only clue about the real source is in the
message header. In Netscape, you can use View->Message Source to
find a line that looks like this:

Received: from [195.195.217.52] (HELO FOXHOUND)

This is the internet address of the system that sent the message.
Sometimes "ping" will translate this into a readable address,
sometimes not.

--

Ton van den Bogert, Biomch-L co-moderator
http://isb.ri.ccf.org/biomch-l

---------------------------------------------------------------
To unsubscribe send SIGNOFF BIOMCH-L to LISTSERV@nic.surfnet.nl
For information and archives: http://isb.ri.ccf.org/biomch-l
---------------------------------------------------------------