Sobig Effect

Jeffrey Kay jeff at k2.com
Wed Aug 20 19:00:50 PDT 2003


Lovegate is another "attachment" virus --
http://mssg.rutgers.edu/documentation/viruses/lovegate.asp seems to have
a pretty complete description.  I can see that in addition to nuking all
BAT, PIF, and SCR files I may have to NUKE all EXE files too.  Bummer.

jeffrey kay 
weblog <k2.com> pgp key <www.k2.com/keys.htm> aim <jkayk2>
share files with me -- get shinkuro -- <www.shinkuro.com>

"first get your facts, then you can distort them at your leisure" --
mark twain 
"if the person in the next lane at the stoplight rolls up the window and
locks the door, support their view of life by snarling at them" -- a
biker's guide to life
"if A equals success, then the formula is A equals X plus Y plus Z. X is
work. Y is play. Z is keep your mouth shut." -- albert einstein


> -----Original Message-----
> From: fork-bounces at xent.com [mailto:fork-bounces at xent.com] On 
> Behalf Of Meltsner, Kenneth
> Sent: Wednesday, August 20, 2003 5:59 PM
> To: Dr. Robert J. Harley; fork at xent.com
> Subject: RE: Sobig Effect
> 
> 
> I'm at an [unnamed] client site, and they're getting chewed 
> up pretty good by blaster & variants, and now there's 
> something called lovegate that I'm hearing whispers about.
> 
> too bad they don't use our AV software....
> 
> > -----Original Message-----
> > From: Dr. Robert J. Harley [mailto:harley at argote.ch]
> > Sent: Wednesday, August 20, 2003 4:20 PM
> > To: fork at xent.com
> > Subject: Re: Sobig Effect
> > 
> > 
> > Jeffrey Kay wrote:
> > >Just in case anyone's interested --
> > >
> > >Over the last 24 hours, I got hit with around 56 messages per hour
> > >containing the Sobig virus.
> > 
> > I'm certainly interested in people's experience with spam, 
> virii etc.
> > 
> > Personally, I have never been hit with a virus.  Stuff like 
> MSBlaster
> > just registers as a spike of DENYals on tcp/135 at the firewall.
> > 
> > I got something like 6 Sobig virii and 3 bounces (from my email
> > address being forged by it) in the last 24 hours, 
> auto-tossed into the
> > spam bin by mail filters.
> > 
> > IMO, nuking these painlessly for the non-tech user is one 
> of the most
> > obvious low-hanging wealth-creation opportunities available for
> > entrepreneurs today.
> > 
> > R
> > _______________________________________________
> > FoRK mailing list
> > http://xent.com/mailman/listinfo/fork
> > 
> > 
> _______________________________________________
> FoRK mailing list
> http://xent.com/mailman/listinfo/fork
> 



More information about the FoRK mailing list