W32.Sobig.F@mm - the new threat on the specialized market ... more at:
http://securityresponse.symantec.com/av ... .f@mm.html
Considering that it appeared only a few hours ago and has already reached category 3 at Symantec, it's no joke ... take the necessary measures.
W32.Sobig.F@mm
- Tyby
- Dungeon Keeper
- Posts: 602
- Joined: Sun Jul 06, 2003 10:39 pm
- Location: Bucuresti
Last edited by Tyby on Fri Dec 05, 2003 8:26 am, edited 2 times in total.
formerly known as gaurika ...
May the best from your past be the worst in your future!
Tyby out!
- sl0bizz
- elder
- Posts: 671
- Joined: Mon Jul 14, 2003 7:33 pm
- Location: Boston
Material produced by CNet.com
http://rss.com.com/2100-1002_3-5067886. ... &subj=news
Experts: Sixth son of Sobig not the last
Security researchers believe that the creator of the Sobig mass-mailing computer virus won't stop with Sobig.F--the money may be too good.
The Sobig viruses--the first of which started spreading in January--are designed to load special software that can anonymize spam onto people's PCs. The tens of thousands of computers infected by the virus can then be used by bulk e-mailers to send unsolicited messages that can't be tracked.
"It is very well planned, very well designed and very well executed," said Mikko Hypponen, director of antivirus research for security company F-Secure. Hypponen believes that the virus' author likely sells the list of compromised PCs to spammers. "For once we have a virus with a very good motive: money."
The Sobig viruses are perhaps the first to be used as moneymakers, and that means it's likely the programmer, or group of programmers, that created the latest variant won't stop, said Joe Stewart, senior security researcher for network-protection company Lurhq.
"I do think we will see a new variant soon," Stewart said. Stewart has been studying each iteration of the Sobig virus and believes that, despite heightened law enforcement interest in finding the author, it's unlikely he or she will stop or be found. "The guy obviously knows how to use proxy servers (to achieve anonymity). To think you can track him down using an IP (Internet protocol) address is pretty far-fetched."
The Sobig.F virus started spreading a week ago, apparently from Usenet news groups where the author had posted it in the guise of a pornographic picture, according to Easynews.com--the service that had been used to post the file. Phoenix, Ariz.-based Easynews reported that it had been served a subpoena by the FBI and had provided the bureau with an apparently stolen credit card number that had been used to purchase the account.
"It appears the account was created with a stolen credit card for the sole purpose of uploading the virus to the Usenet network," Michael Minor, chief technology officer of Easynews, said in a statement Friday.
The FBI couldn't immediately be reached for comment.
The Sobig.F virus spreads by harvesting e-mails from Web pages and from an infected computer's address book. It sends a copy of itself to the addresses in an e-mail message with subject lines such as "Your Details," "Re: Approved" and "Thank you!" The virus also spreads by copying itself to shared network hard drives that are accessible to the infected computer.
Sobig.F has spread aggressively, sending far more e-mails with copies of the virus than any such program to date. The computer virus clogged corporate e-mail systems early last week, as every message had to be digitally checked for the virus before being passed on to the recipient's computer.
The latest Sobig virus uses an e-mail address other than the victim's as the apparent source of e-mail messages that it sends to spread itself. Many antivirus systems send alerts to the apparent senders of viral e-mail messages notifying them that they are infected--even when the malicious program is known to forge the source's e-mail address. The result is more e-mail clogging in-boxes and more confusion as users have to deal with additional messages accusing them of being infected.
Joe Hartmann, North American director for antivirus research at security-software company Trend Micro, believes that the FBI has its work cut out for it when it comes to catching the perpetrator.
"The person is really trying to make sure that he isn't going to get tracked down," Hartmann said. "Open proxies, stolen credit cards--it's not going to be easy."
If you have surplus items or need some, try Freecycle Bucuresti. If you don't need anything, I'll be upset.
- originaltup
- elder
- Posts: 1749
- Joined: Sun Jul 06, 2003 11:52 am
- Location: Ohio
This one is really awful, I'm getting a ton of them in my bulk folder. And I've seen that others are getting them too. So watch out for bulk mail.
And one more thing: if I get infected bulk mails from people I know, does that mean those people are infected?
PS. They only come to my main Yahoo address; the rest are still problem-free.
- eugen
- Site Admin
- Posts: 687
- Joined: Sat Jul 05, 2003 10:42 pm
Those messages arrive because the infected PC contains both your address and the addresses of the people you know (and that means any file in which the worm finds an e-mail address, not just the address book). It's possible that they are also getting messages from you, and from other addresses, more or less fanciful. Look at the full headers to see where the mail actually comes from.
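Added example (not part of the thread or the CNet article): the full-headers check suggested above, which also shows why infection notices sent to the apparent sender of a Sobig.F mail reach the wrong person. It trusts only the Received line written by your own relays; the sample message, host names and the `trusted_relays` set are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: worm-style mail with a forged From line.
# Every host and address is made up (documentation ranges).
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mailstore.example.net with ESMTP id AAA111; Tue, 19 Aug 2003 10:02:11 +0300
Received: from LAPTOP7 (dsl-203-0-113-45.isp.example [203.0.113.45])
\tby mx1.example.net with SMTP id BBB222; Tue, 19 Aug 2003 10:02:09 +0300
Received: from friend-pc (unknown [198.51.100.7])
\tby relay.forged.example with SMTP id CCC333; Tue, 19 Aug 2003 09:00:00 +0300
From: "A Friend" <friend@known.example>
To: victim@example.net
Subject: Re: Approved

Please see the attached file for details.
"""

# "from HELO (rdns [ip]) by host": rdns and ip are recorded by the receiver.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def handoff_hop(raw, trusted_relays):
    """Return the hop where an outside host handed the mail to our relays.
    Received lines below that hop were supplied by the sender and may be fake."""
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):      # newest header first
        m = RECEIVED_RE.search(value)
        if not m:
            continue
        hop = m.groupdict()
        if hop["by"].lower() in trusted_relays and hop["rdns"].lower() not in trusted_relays:
            return hop
    return None

def assess(raw, trusted_relays):
    """Compare the claimed From address with the host that delivered the mail."""
    claimed = parseaddr(message_from_string(raw).get("From", ""))[1]
    hop = handoff_hop(raw, trusted_relays)
    domain = claimed.rpartition("@")[2].lower()
    rdns = (hop or {}).get("rdns", "").lower()
    match = bool(hop) and (rdns == domain or rdns.endswith("." + domain))
    return {"claimed_from": claimed, "origin_ip": hop and hop["ip"],
            "origin_rdns": rdns, "from_matches_origin": match}
```

A mismatch alone is not proof of forgery, since legitimate senders also relay through third parties; the handoff IP, not the From address, is what identifies the machine to report or block.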
- Nick
- junior
- Posts: 33
- Joined: Fri Aug 08, 2003 8:00 pm
- originaltup
- elder
- Posts: 1749
- Joined: Sun Jul 06, 2003 11:52 am
- Location: Ohio
Now that's a good one!!! Where the heck from, since I don't have your e-mail address and never have had it. I mean, I saw that I have infected mails in bulk (by accident, since I don't really look at what comes into bulk, I just delete it), but however clever it may be, how did it find your address where it doesn't exist? Either a third party is needed, or they came to you from your own mailbox, or you're kidding. Which is it?
- Nick
- junior
- Posts: 33
- Joined: Fri Aug 08, 2003 8:00 pm
- originaltup
- elder
- Posts: 1749
- Joined: Sun Jul 06, 2003 11:52 am
- Location: Ohio