
View Full Version : About virus sobigf



Unregistered
08-20-2003, 01:09 PM
Greeting

I found a mystical site when searching with word sobigf
that is a name of a virus that spreads right now worldwide.
On that site appears to be codes, and one of them is identical
to that word sobigf. I also found a word omni in both message
ID of contaminated email and the name of that website.
Here is a copy of the contaminated email:

From :
Mail Delivery Subsystem <MAILER-DAEMON@perkunas*.omnitel.net>

To :


Subject :
Returned mail: see transcript for details

Date :
Wed, 20 Aug 200* 07:*6:48 +0*00

Attachment : thank_you.pif (*00k)
MIME-Version: *.0
Received: from perkunas*.omnitel.net ([**4.*76.*2.*8]) by mc6-f*6.law*.hotmail.com with Microsoft SMTPSVC(5.0.2**5.5600); Tue, ** Aug 200* 2*:*6:4* -0700
Received: from localhost (localhost)by perkunas*.omnitel.net (8.**.6/8.*.*) id h7K4Gmm0260*;Wed, 20 Aug 200* 07:*6:48 +0*00
X-Message-Info: JGTYoYF78jEHjJx*6Oi8+YDSEg8qKPPD
Message-Id: <200*082004*6.h7K4Gmm0260*@perkunas*.omnitel.net>
Auto-Submitted: auto-generated (failure)
Return-Path: <>
X-OriginalArrivalTime: 20 Aug 200* 04:*6:4*.0684 (UTC) FILETIME=[E07AAD40:0*C*66D*]

The original message was received at Wed, 20 Aug 200* 07:*6:45 +0*00
from [**4.2*5.80.*8]

----- The following addresses had permanent fatal errors -----
<ieva.per@ukmerge.omnitel.net>
(reason: can't create (user) output file)

----- Transcript of session follows -----
procmail: Quota exceeded while writing "/var/spool/mail/00027*6"
550 5.0.0 <ieva.per@ukmerge.omnitel.net>... Can't create output


Reporting-MTA: dns; perkunas*.omnitel.net
Received-From-MTA: DNS; [**4.2*5.80.*8]
Arrival-Date: Wed, 20 Aug 200* 07:*6:45 +0*00

Final-Recipient: RFC822; ieva.per@ukmerge.omnitel.net
Action: failed
Status: 5.*.0
Diagnostic-Code: X-Unix; 7*
Last-Attempt-Date: Wed, 20 Aug 200* 07:*6:48 +0*00


From :


To :
<ieva.per@ukmerge.omnitel.net>

Subject :
Your details

Date :
Wed, 20 Aug 200* 7:**:55 +0*00

Attachment : thank_you.pif (*00k)
MIME-Version: *.0
Received: from KOLDSK0* ([**4.2*5.80.*8])by perkunas*.omnitel.net (8.**.6/8.*.*) with SMTP id h7K4Gjm02600for <ieva.per@ukmerge.omnitel.net>; Wed, 20 Aug 200* 07:*6:45 +0*00
Return-Path: <rainovelin@hotmail.com>
Message-Id: <200*082004*6.h7K4Gjm02600@perkunas*.omnitel.net>
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: * (Normal)
Please see the attached file for details.

Notice: Attachments are automatically scanned for viruses using



...and here is a sample from that website:

q=cache:VtbXCh0QnuIJ:www.omniscient.com.au/upgrade/ted/tasmodul.txt+soBigF&hl=fi&ie=UTF-8

"NOWORKASS","Workwise-Assertiveness and Communication","*205**",
"GE*05","MANAGING GROUP PROBLEM SOLVING AND DECISION MAKING","*205**",
"GENPCD20*","ACCESS EMPLOYMENT AND TRAINING OPTIONS","*205**",
"NBB05","QUALITY CONCEPTS","0*****",
"654**","Strategies For Teaching English To Speakers Of Other Lang's","070**5",
"TSL008","RESOURCES AND TESTING INSTRUMENTS","070**5",
"TSL00*","PRACTICE TEACHING: DESIGN, DELIVERY AND REVIEW","070**5",
"TSL007","INTRODUCTION TO THE FOUR MACRO SKILLS","070**5",
"SOBIEG","Improve Your English Grammar","0**50*",
"SOBIGF","Improve your Grammar - Intermediate","0**50*",
"TSL006","GRAMMAR APPLICATIONS","0**50*",
"SOICCR","Introduction to Cryptic Crosswords","0**50*",
"BUGRAMMAR","Improve your English Grammar","0**50*",
"CWM00*","Introduction To Solid Waste Handling Equipment","0***0*",
"ABJ502","INTRODUCTION TO SOLID WASTE HANDLING EQUIPMENT","0***0*",
"ABJ50*","RECEIVING AND DISPATCHING WASTE","0***0*",
"487*8","SOLID WASTE MANAGEMENT","0***0*",
"EB854","STORM WATER DRAINAGE","0***0*",

There may not be any other connection between these two but
the uncommonness, nevertheless, it is interesting.

all the best to you

Maria

DATA
08-21-2003, 06:47 AM
hi,

I have been receiving nearly around *0 copies of what you posted
for the past 2 to * days. Don't open the attachment in any case.

Regards Data.
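
An added example, not part of any post in this thread: the bounce quoted in the first post carries the original message with its `thank_you.pif` attachment, so a mail filter has to look inside the returned message as well as at the top level. The sketch below uses Python's standard `email` package on a constructed sample; the hosts, the extension list and the function name `risky_attachments` are assumptions.

```python
import email
from email import policy
RISKY = {".pif", ".scr", ".exe", ".com", ".bat", ".vbs"}  # .pif is the one in this thread

# Constructed sample shaped like the bounce quoted above (placeholder hosts and bytes).
SAMPLE = """\
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="OUTER"

--OUTER
Content-Type: text/plain

----- The following addresses had permanent fatal errors -----

--OUTER
Content-Type: message/rfc822

From: <someone@example.com>
Subject: Your details
Content-Type: multipart/mixed; boundary="INNER"

--INNER
Content-Type: text/plain

Please see the attached file for details.

--INNER
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="thank_you.pif"

constructed placeholder bytes

--INNER--

--OUTER--
"""

def risky_attachments(raw):
    """Return (filename, is_bounce) for risky attachments at any nesting depth."""
    msg = email.message_from_string(raw, policy=policy.default)
    is_bounce = msg.get("Auto-Submitted", "").lower().startswith("auto-generated")
    hits = []
    for part in msg.walk():  # walk() also descends into the message/rfc822 part
        name = part.get_filename()
        if name and any(name.lower().endswith(ext) for ext in RISKY):
            hits.append((name, is_bounce))
    return hits
```
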

Unregistered
08-21-2003, 06:01 PM
I have been using this site for years and am pleased to thank you for a lot of help that I've been finding here.

God bless, may your days be bright.

Maria

Unregistered
08-22-2003, 06:14 AM
The Sobig worm is de facto a distributed network of proxy servers, primarily designed for sending spam.

DATA
08-23-2003, 05:46 AM
SOBI appears to be eliminated

http://www.f-secure.com/v-descs/sobig_f.shtml

Thanks.

Data.

Unregistered
08-23-2003, 05:34 PM
There is a warning in Scandinavian media of the risk that sobigf will be updated & reactivated on every Friday and Sunday late night for weeks from now.

peace & harmony

mbravo
08-25-2003, 05:26 PM
You can find a very useful summary on the identification, blocking and removal of this worm at this webpage (http://www.sophos.com/support/disinfection/sobigf.html)

Unregistered
08-26-2003, 05:48 AM
That site seems to be well done and sophisticated :)

blessings

Maria