[dba-Tech] I don't know what I don't know from where is sending messages using my e-mail address...

Shamil Salakhetdinov shamil at SMSConsulting.spb.ru
Mon Sep 8 13:09:59 CDT 2003


Thanks Gary and all the others who answered my message!
All is clear now - this SoBig virus writer is a real devil...

Shamil

----- Original Message ----- 
From: "Gary Kjos" <garykjos at hotmail.com>
To: <dba-tech at databaseadvisors.com>
Sent: Monday, September 08, 2003 9:55 PM
Subject: Re: [dba-Tech] I don't know what I don't know from where is
sending messages using my e-mail address...


> Hi Shamil.
>
> Sobig virus uses E-Mail Spoofing - info below is from the Symantec AV site
> info on it....
> -----------
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
> -----------
> Email spoofing
> W32.Sobig.F@mm uses a technique known as "spoofing," by which the worm
> randomly selects an address it finds on an infected computer. The worm uses
> this address as the "From" address when it performs its mass-mailing
> routine. Numerous cases have been reported in which users of uninfected
> computers received complaints that they sent an infected message to another
> individual.
>
> For example, Linda Anderson is using a computer infected with
> W32.Sobig.F@mm. Linda is neither using an antivirus program nor has the
> current virus definitions. When W32.Sobig.F@mm performs its email routine,
> it finds the email address of Harold Logan. The worm inserts Harold's email
> address into the "From" portion of an infected message, which it then sends
> to Janet Bishop. Then, Janet contacts Harold and complains that he sent her
> an infected message; however, when Harold scans his computer, Norton
> AntiVirus does not find anything, because his computer is not infected.
>
> --------
>
> So Shamil, someone who has you on their contact list is infected and is
> sending the message pretending to be you.....
>
> Gary Kjos
> garykjos at hotmail.com
>
>
>
>
>
> >From: "Shamil Salakhetdinov" <shamil at SMSConsulting.spb.ru>
> >Reply-To: Discussion of Hardware and Software
> >issues<dba-tech at databaseadvisors.com>
> >To: "dba - Tech" <dba-tech at databaseadvisors.com>
> >Subject: [dba-Tech] I don't know what I don't know from where is sending
> >messages using my e-mail address...
> >Date: Mon, 8 Sep 2003 21:34:15 +0400
> >
> >Hi All,
> >
> >Have you ever seen a message returned to your mailbox, having your e-mail
> >address in From field, which you didn't send? (see example in P.S.)
> >This doesn't seem to be a virus running on my PC - my PC is scanned
> >periodically using NAV with latest updates.
> >And the recipients' e-mail addresses of such messages aren't written in my
> >address book, and even MS Outlook Express version I use is different!
> >
> >What is this? A virus NAV missing while scanning my PC? Or...? Could you
> >please advise?
> >
> >This looks very much like SOBIG virus but I don't have it on my PC!
> >
> >So much confused,
> >TIA for any info,
> >Shamil
> >
> >P.S. Strange messages header:
> >
> >Return-path: <shamil at smsconsulting.spb.ru>
> >Received: from conversion-daemon.mailgw2.cityu.edu.hk by
> >mailgw2.cityu.edu.hk
> >  (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
> >  id <0HKW00601M6XOB at mailgw2.cityu.edu.hk>
> >  (original mail from shamil at smsconsulting.spb.ru); Tue,
> >  9 Sep 2003 01:11:56 +0800 (CST)
> >Received: from USER-VJCG7U5W26 (171-043.onebb.com [202.180.171.43])
> >  by mailgw2.cityu.edu.hk
> >  (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
> >  with ESMTP id <0HKW007I6N4417 at mailgw2.cityu.edu.hk> for
> >  college.office at cityu.edu.hk; Tue, 09 Sep 2003 00:57:47 +0800 (CST)
> >Date: Tue, 09 Sep 2003 01:28:39 +0800
> >From: shamil at smsconsulting.spb.ru
> >Subject: Thank you!
> >To: college.office at cityu.edu.hk
> >Message-id: <0HKW007I7N4417 at mailgw2.cityu.edu.hk>
> >MIME-version: 1.0
> >X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> >Content-type: multipart/mixed;
> >boundary="Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)"
> >Importance: Normal
> >X-Priority: 3 (Normal)
> >X-MSMail-priority: Normal
> >X-MailScanner: Found to be clean
> >
> >This is a multipart message in MIME format
> >
> >--Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)
> >Content-type: text/plain; charset=iso-8859-1
> >Content-transfer-encoding: 7BIT
> >
> >See the attached file for details
> >
> >--Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)
> >Content-type: text/plain; Name=UnsafeFile.txt
> >Content-transfer-encoding: 7BIT
> >Content-disposition: inline
> >Content-description: Unsafe file movie0045.pif is removed!
> >
> >********* UNSAFE FILE REMOVED! *********
> >
> >The system has removed the following unsafe file from this mail:
> >
> >* Name of the file being removed: movie0045.pif
> >
> >Postmaster (Mail Administrator),
> >City University of Hong Kong
> >Email: postmaster at cityu.edu.hk
> >
> >(Reference number: 20030909_011156_13779)
> >********************************************
> >
> >
> >--
> >e-mail: shamil at smsconsulting.spb.ru
> >http://smsconsulting.spb.ru/shamil_s
> >
> >_______________________________________________
> >dba-Tech mailing list
> >dba-Tech at databaseadvisors.com
> >http://databaseadvisors.com/mailman/listinfo/dba-tech
> >Website: http://www.databaseadvisors.com
>
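Added example, not part of the original thread: a Python sketch that reads the header quoted in the P.S. and compares the host the receiving gateway actually saw with the domain claimed in "From". The names `analyze` and `HOP_RE` are hypothetical, the sample is the quoted header trimmed with the archive's " at " obfuscation reversed, and a mismatch is a heuristic indicator only, since legitimate mail is often submitted through third-party hosts.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the header from the P.S., trimmed, with the archive's
# " at " obfuscation reversed so the addresses parse.
SAMPLE = """\
Return-path: <shamil@smsconsulting.spb.ru>
Received: from conversion-daemon.mailgw2.cityu.edu.hk by mailgw2.cityu.edu.hk
 id <0HKW00601M6XOB@mailgw2.cityu.edu.hk>; Tue, 9 Sep 2003 01:11:56 +0800 (CST)
Received: from USER-VJCG7U5W26 (171-043.onebb.com [202.180.171.43])
 by mailgw2.cityu.edu.hk
 with ESMTP id <0HKW007I6N4417@mailgw2.cityu.edu.hk> for
 college.office@cityu.edu.hk; Tue, 09 Sep 2003 00:57:47 +0800 (CST)
From: shamil@smsconsulting.spb.ru
To: college.office@cityu.edu.hk
Subject: Thank you!

"""

# "from <HELO name> (<reverse-DNS name> [<peer IP>]) by <receiving host>"
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)\s+by\s+(\S+)")


def analyze(raw):
    """Return facts about the hop where the mail entered the recipient's gateway."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Received headers are newest-first. The newest hop that logs a peer IP was
    # written by the recipient's own gateway: the IP and reverse-DNS name are
    # what that gateway observed, while the HELO name is whatever the peer sent.
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            helo, rdns, ip, by = m.groups()
            rdns = rdns.lower()
            return {
                "from_domain": from_domain,
                "helo": helo, "rdns": rdns, "ip": ip, "received_by": by,
                "rdns_matches_from": rdns == from_domain
                                     or rdns.endswith("." + from_domain),
                "helo_is_fqdn": "." in helo,  # mail servers announce a FQDN
            }
    return None  # no hop with a logged peer address


if __name__ == "__main__":
    for key, val in analyze(SAMPLE).items():
        print(f"{key:18} {val}")
```

For the quoted message both indicators point away from the claimed sender: the peer was a broadband host under onebb.com announcing a workstation-style name, not a mail server for smsconsulting.spb.ru.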


