Massive virus email problem

Living Room
#1

This all started suddenly about 3 days ago, since then I have been getting ever increasing amounts of mail, each with a short message containing a zip file, I have identified it as the W32.Sober.X mass mailing worm. I never opeened the zip file, just scanned and deleted it. The description on http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.x@mm.html fits exactly these. My problem is not that the virus threatens me, but that I am now getting between 10 and 30 emails a day containing this, and the amount I recive seems to be increasing. As the subject of many emails (appearing to be from plausible addresses) is things like “Registration Confirmation” and “New email address” (from somebody I don’t know) it makes it very hard for me to see what is actually legitimate. I even got a email from myself today.

Is there anything I can do to block this email? Since the begining and end part of the mail is allways different I cannot just filter it all, and the keywords in the subject are often legitimate anyway (confirmation, password, registration) meaning I cant filter those either.

Here are the internet headers from one of the mails (claiming to be from admin@bigbond.net.au)

X-Message-Status: n
X-SID-PRA: Admin@bigbond.net.au
X-SID-Result: TempError
X-Message-Info: Qcg05BREWSHcn24npTN8VUBevlRWFfQYoHENlXQE5jQ=
Received: from pfcdce.au ([211.26.223.123]) by mc7-f36.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
Tue, 22 Nov 2005 14:32:08 -0800
From: Admin@bigbond.net.au
To: bcn_246@h*****l.com
Date: Tue, 22 Nov 2005 22:23:42 UTC
Subject: Your Password
Importance: Normal
X-Priority: 3 (Normal)
Message-ID: <b2e2a309a8e187d1@bigbond.net.au>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=“51fd5baeb.031adba2f4208aa”
Content-Transfer-Encoding: 7bit
Return-Path: Admin@bigbond.net.au
X-OriginalArrivalTime: 22 Nov 2005 22:32:09.0775 (UTC) FILETIME=[93807BF0:01C5EFB4]

Anybody else been getting these kind of messages? Do you think they will pass, the worm was only discovered on the 19th of November according to Symantec.

#2

mailwasher pro version 4.019. (5.0) still has a few bugs.

#3

I have been getting stuff like that lately too. I have not scaned then to see what was within the zip but here is a message I just look at at my msn account. I have no clue of who this is but all i fdo is delete it. If i dont know them it goes strait in the trash. :wink:

Hope you dont get nothing.

edit* I tried to copy and paste but it was messed up. Here is a pic.

789.png835x439 10.4 KB

#4

Here is another one. These started for me within this last week. It happens off an on. Its just a wave of crap and will pass.

897.png837x463 12 KB

#5

I thought such virus emails are very common.

#6

Not for me, before this I got maybe one or two a month, now I get one every about every half an hour minutes. Since posting this I have allready got one. rfjr23, thats exactly the kind of thing I get. I guess I will just hope it passes.

#7

Here is another identical to the first but different addy. I just noticed all these are from today.

It will pass Ben. :wink: The come and go.

45.png835x358 9.77 KB

#8

Welcome to the world of spam.

First things first: I’d expect one of your friends (with your email addresses) haven’t been practising safe fax & have contracted something nasty.

The fact that your scanner is picking it up suggests everythings working fine :wink:

Has anyone sent you any e-cards lately? Signed up to a less-than reputable site?

#9

Don’t use Windows for surfing and email.

#10

LOL - lucky me - been unaffected altogether!

#11

Getting a bunch of such e-mails, but they get a nice warm welcome with my “DEL” button.

#12

hides

#13

Mailwasher works for me…I can read the contents, without having to worry about the virus. I can bounce and/or delete the message before downloading it…
Been using the program to my satisfaction for a while now…

I read that approximately 40% of e-mails today are with the Sober virus…

A lot of phishing mails going on too…

#14

Nicely put :bigsmile:

None here, either…guess my ISP’s spam filter/anti-virus software must be doing it’s job…

Edit: I’m almost scared to check my Yahoo mail after reading this, LOL.

#15

/me wonders for how long the “unsecure” email protocol will remain … before they replace it with something more secure, aka logged …

#16

I got some suspicious emails this last week (nothing like the above, though), and I didn’t recognize the sender, so I just hit ‘delete’ without opening a thing. If I don’t know who it’s from, it’s into the trash bin.

#17

Tax, i’m also use mailwasher, but in reading the mailwasher forums at castle cops they don’t recommend bouncing the email’s as they regaurd it as spam. there’s more to read about it there.

i’ve also been getting a lot more crap, but i’m using my webmail as i’m away at work.

#18

I only bounce spam mails…virus mails get deleted.
I have no idea if it works (most likely it does not), but the chance it might is enough for me to continue using it :wink: