This all started suddenly about 3 days ago, since then I have been getting ever increasing amounts of mail, each with a short message containing a zip file, I have identified it as the W32.Sober.X mass mailing worm. I never opeened the zip file, just scanned and deleted it. The description on http://firstname.lastname@example.org fits exactly these. My problem is not that the virus threatens me, but that I am now getting between 10 and 30 emails a day containing this, and the amount I recive seems to be increasing. As the subject of many emails (appearing to be from plausible addresses) is things like “Registration Confirmation” and “New email address” (from somebody I don’t know) it makes it very hard for me to see what is actually legitimate. I even got a email from myself today.
Is there anything I can do to block this email? Since the begining and end part of the mail is allways different I cannot just filter it all, and the keywords in the subject are often legitimate anyway (confirmation, password, registration) meaning I cant filter those either.
Here are the internet headers from one of the mails (claiming to be from email@example.com)
Received: from pfcdce.au ([22.214.171.124]) by mc7-f36.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
Tue, 22 Nov 2005 14:32:08 -0800
Date: Tue, 22 Nov 2005 22:23:42 UTC
Subject: Your Password
X-Priority: 3 (Normal)
Content-Type: multipart/mixed; boundary=“51fd5baeb.031adba2f4208aa”
X-OriginalArrivalTime: 22 Nov 2005 22:32:09.0775 (UTC) FILETIME=[93807BF0:01C5EFB4]
Anybody else been getting these kind of messages? Do you think they will pass, the worm was only discovered on the 19th of November according to Symantec.