BARBELITH underground
 



Who knows about viruses and worms and wotnot? Help a non-techie sort his problem!

 
 
Scrambled Password Bogus Email
10:21 / 21.08.03
So, I posted an ad on an e-newsletter thingy I subscribe to, and used an email return address. This return address is a domain name I own that will accept an email sent to it with any name at all, and just redirect all that mail to my main email address...

Anyway, I got about 9 copies of the W32.Sobig.F virus sent to me - no biggie, I spotted it straight away and deleted all the crap - briefly infected, then sorted.

However, the virus is now 'using' the email address I posted on the newsletter to send itself to every fucker on the planet - and I am inundated with automated responses telling me either such and such is an invalid email address, or antivirus alerts telling me that such and such was undeliverable cos its riddled with disease.

Now, the domain name in the email address is my fucking company! So I'm not too happy that it is wildly sending out viruses to everyone on the planet! How can I sort this out??

Cheers folks
 
 
We're The Great Old Ones Now
10:24 / 21.08.03
You're doomed.
 
 
Unencumbered
10:27 / 21.08.03
You could set up a filter in your mail client to remove all the automated responses. That should help.
 
 
We're The Great Old Ones Now
10:36 / 21.08.03
Except that you might need some of the genuine automated responses to emails you actually send out yourself.
 
 
Unencumbered
10:56 / 21.08.03
Sam: that's true, of course, and it doesn't in any way get at the cause of the problem.

Using one or more brand new names at the company's domain and rejecting anything returned to anything else might help somewhat, too. So, if M$ has been using, say, x@domain.com and y@domain.com, switching to a@domain.com and rejecting automated responses to the old addresses would help a bit.

It's an imperfect solution to a difficult problem.
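
Added example, not part of any post in this thread: Python code for the filtering idea discussed above that still keeps genuine bounces. It discards bounces addressed to names only the catch-all accepts, and keeps a bounce to a real mailbox only when the message it returns carries a Message-ID that was actually sent. The mailbox list, the Message-IDs and the sample bounces are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed for illustration: the real mailbox and the logged IDs of mail actually sent.
REAL_MAILBOXES = {"a@domain.com"}
SENT_MESSAGE_IDS = {"<20030821.0001@domain.com>"}

def is_bounce(msg):
    """Delivery-status report, or mail from a mailer daemon / postmaster."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return (msg.get_content_type() == "multipart/report"
            or sender.startswith(("mailer-daemon@", "postmaster@")))

def returned_message_id(msg):
    """Message-ID of the original mail carried inside the bounce, or None."""
    for part in list(msg.walk())[1:]:  # skip the bounce's own headers
        if part.get_content_type() == "text/rfc822-headers":
            part = email.message_from_string(part.get_content(), policy=policy.default)
        if part["Message-ID"]:
            return str(part["Message-ID"]).strip()
    return None

def classify(msg):
    """Return 'deliver', 'keep', 'quarantine' or 'discard' for one inbound mail."""
    if not is_bounce(msg):
        return "deliver"
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    if rcpt not in REAL_MAILBOXES:
        return "discard"      # bounce to a name that only the catch-all accepts
    if returned_message_id(msg) in SENT_MESSAGE_IDS:
        return "keep"         # bounce of mail that really was sent
    return "quarantine"       # real mailbox, but not a message we sent

def sample_bounce(rcpt, orig_id):
    """Constructed sample bounce addressed to rcpt, returning message orig_id."""
    raw = (f"From: MAILER-DAEMON@mx.example.net\nTo: {rcpt}\n"
           "Subject: Undeliverable mail\nMIME-Version: 1.0\n"
           'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n\n'
           "--b\nContent-Type: text/plain\n\nDelivery failed.\n"
           "--b\nContent-Type: message/rfc822\n\n"
           f"Message-ID: {orig_id}\nSubject: test\n\nbody\n--b--\n")
    return email.message_from_string(raw, policy=policy.default)

if __name__ == "__main__":
    for rcpt, mid in [("a@domain.com", "<20030821.0001@domain.com>"),
                      ("a@domain.com", "<forged.1@infected.example>"),
                      ("xerxes@domain.com", "<forged.2@infected.example>")]:
        print(rcpt, mid, "->", classify(sample_bounce(rcpt, mid)))
```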
 
 
Scrambled Password Bogus Email
11:05 / 21.08.03
Aye - part of the problem being that domain.com will redirect ANYTHING sent to it - so fishface@domain.com or xerxes@domain.com or fuckyourowngrandmother@domain.com all get through and just reroute to my-real-email-client.com

I didn't want it to be this way, and went through the rigmarole of setting up real users and addresses, but noticed that if people spelled names wrong, typos etc, the email still arrived.

Kind of handy, but obviously not now.
 
 
w1rebaby
11:16 / 21.08.03
If the virus is still sending stuff out, you haven't got rid of it.

Otherwise you're just going to have to deal with the fallout, and there's nothing you can do, except maybe set up a filter on "Undeliverable" in the header. But it will stop soon. Depending on how many people you had in your address book - and it also scans caches as well I believe, so some of these people you'll never have heard of - you'll get maybe a few hundred replies at the most I'd think.
 
 
Mourne Kransky
11:33 / 21.08.03
This is a part of the advice we’ve been getting about the Sobig Virus from the IMT folks at my workplace. May be of interest. I’m just not sufficiently techie-minded to know.

Further to my email yesterday concerning the virus W32/Sobig-F, I would draw your attention to a side effect caused by this virus' spread.

Due to the way this virus spreads, you may receive an automated email message(s) from an external organisation’s anti-virus or email system stating that a message you sent has been rejected (or was infected with a virus) but you never actually sent the message! This is because the virus has forged your email address as it tries to spread.

It does not mean that your machine has a virus, just that someone you have emailed in the past (normally someone outside this network) has an infected machine.

You may safely ignore any of these external messages, the only action you need to take is to delete them from your email box.


Seems to be virus season, coming thick and fast at the moment.
 
 
Scrambled Password Bogus Email
12:44 / 21.08.03
Tell me about it.

Destructive arseholes. If I could get my hands round their windpipes...
 
 
Linus Dunce
12:52 / 21.08.03
It does not mean that your machine has a virus, just that someone you have emailed in the past ... has an infected machine.

This is indeed of interest, and is the source of Money $hot's problem.

In addition, they may have visited a web page with your address on it. A copy of this page will be kept on their machine (probably in the browser cache) and this is where the virus gets it from.

I think setting up filters (known as "rules" on Outlook I think) as mentioned above is the only practical way to go. I'd look for a common phrase or word in the e-mails you're receiving and move all messages that contain it to the trash can. I'm afraid I think this may go on for some time and will not be over soon. Many virii/worms have lasted for years -- there's always some dick who'll just click on any old attachment without thinking about the consequences or who doesn't regard software updates as important. I've even heard one quite high-up IT person say they thought viruses are over-hyped because they, sitting behind the protection their operations guys set up, have never seen one.

PS: Speaking of such things, the thing that's annoying me most at the moment is that 'king Welchia worm pinging my machine nearly every goddamn second even though I don't need your damn patch you dork. It's slowing my machine right up. I'm too cheap (and genuinely broke right now) to pay for a firewall and I don't seem to be able to switch off logging and reverse DNS lookups on this free version. So if anyone has any Zone Alarm tips for doing this, that would be great.
 
 
StarWhisper
06:50 / 02.10.08
I have no sense of humour about malware.

Can anybody suggest a really excellent anti virus program? It seems I'll have to actually buy one because the trojan registry key I have here is in my system files and as such the free ones either won't scan for it or try sucker me in by just telling me it's there with a useless demonstration of potential efficiency. Am I just being had by xoftspy or what?

ugh.
 
 
wicker woman
10:00 / 02.10.08
Avast! has served me well, and it's free. At least the home edition is, anyway. PC World seems to be fond of Bit Defender and McAfee. Bit Defender costs, and McAfee is crap as far as I'm concerned. However, if you're willing to drop the money, BD might be your best bet.


Avast's website
 
 
wicker woman
10:03 / 02.10.08
Ah. And I just noticed the bit about your wanting one to pay for, which makes my link kinda useless. Might be worth checking out anyway, though.
 
 
trouble at bill
12:26 / 02.10.08
as i'm not on-line anywhere other than various workplaces i've avoided these probs so far but it's reading stuff like this which makes me wonder if people who shell out extra for a Mac are doing the best thing...
 
 
StarWhisper
15:11 / 02.10.08
I'd get a MAC but foreign operating systems upset me. Linux made me want to cry. Debian is so sad. This "fujitsu siemens lifebook" containing the butchered remains of various other machines will do fine. I don't care if the hard drive is held in by duct tape, I like it.

The only reason I'm considering paying for the software is because of the location of the alleged viruses, that being the very place the free software won't scan.

Thanks for the suggestions, I might see if I have better luck with some of these.
 
 
Kirin? Who the heck?
14:26 / 07.10.08
If you've got a bank account with Barclays, and you've got online banking, you can log on and get a free copy of Kaspersky Antivirus, which is widely considered to be among the best. If you're going to pay, the aforementioned Kaspersky or ESET NOD32 (terrible name, excellent antivirus) are the two I'd recommend as the best for-pay options.
 
 
StarWhisper
03:46 / 10.10.08
You know, I learnt how to delete the virus by reading internet forumz in the end - alas, it came back when restarting.

I recommend learning skills this way to those who will not suffer crippling anxiety and white hot panic/terror/fear/nausea at thought of losing machine.

I did however panic, etc, and I bought avg which did fine and ate the virus(es) and much spyware.
 
  