Spam/Worm Update
by Fazia Rizvi
20 August 2003, 2:53 PM
I'm still drowning in bounced messages from this darn thing. (About 10-20
more come in every hour.) But it seems I was mistaken that it was an email
worm to begin with. It's a little more sneaky than that.

Apparently the W32/Sobig.F mail worm is like other members of the
Sobig family. This ".F" variant (I feel like I'm in one of my biology
classes rather than talking computers) creates a backdoor on infected
systems, which can then be used to run malicious code that sends mail spam
to others. On top of that it generates a false return address. Lovely.

This thing combines all the joys of spam with the delights of
email worms and the splendors of virus infections. And of course systems
from some podunk ISP to Best Buy are replying to these things to tell all
the spoofed addresses that the message they did not send contains a virus
which they will not accept, thus compounding the problem.

Hopefully this will pass soon. In the meantime, here's some useful
information:

Worm Insanity
by Fazia Rizvi
20 August 2003, 11:18 AM
Well, this is mighty frustrating. Well-meaning people have made the latest
Internet worm attack even worse.

Both my personal work email and one work alias are widely distributed on
web pages and in people's Outlook address books, so every time there's a
major Internet worm attack, I get lots of crap in my inbox.

This particular worm does the usual dirty trick of spoofing the sender. So
if you get the worm, the email address attached to it likely is NOT the
infected computer, but just some poor schmuck who happens to be in the
address book of somebody else's infected computer.

That fact hasn't stopped people from installing automatic responders to
such virus messages. What does that mean in practical terms?

It means that when I logged into my work email this morning, instead of the
usual 30+ messages (25 of which would have been spam) I had 622 waiting
for me. Half of that was the Internet worm, obviously. But the OTHER half,
probably a good 300 messages or so, was all auto responders telling me
that I might have a virus since I'd been spoofed on a bazillion messages
that went out from somebody else's computer! *sigh*

That just means more crap I have to wade through. It's impossible for my
email system to be infected - it's an ancient VMS mainframe that I *can't*
open attachments on! Arg!