Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How do I stop SoBig????

2 views
Skip to first unread message

Phil Powell

unread,
Aug 31, 2003, 8:36:46 PM8/31/03
to
I am not only receiving an average of 20 - 30 infected emails per day, but
now I am "sending" about 5 - 10 infected emails to users via localhost
(127.0.0.1) and I don't know how I'm doing it! I am running a virus scan
every day that detects no viruses (not even heuristic searches find
anything), yet I'm still "sending" infected SoBig emails!

I have Win2000 Professional and Outlook Express 6.

HELP!

Phil


William Kendrick

unread,
Sep 1, 2003, 5:32:36 PM9/1/03
to
In comp.windows.ms Phil Powell <soa...@erols.com> wrote:
> I am not only receiving an average of 20 - 30 infected emails per day, but
> now I am "sending" about 5 - 10 infected emails to users via localhost
> (127.0.0.1) and I don't know how I'm doing it! I am running a virus scan
> every day that detects no viruses (not even heuristic searches find
> anything), yet I'm still "sending" infected SoBig emails!

I'm not a Windows expert by any means (I've never used it on any of my
own machines, having found Linux to be much stabler and less virus-prone ;^) )

However, a few things:

1. Is your anti-virus software up-to-date? One thing I've been reading
lately is complaints that end-users think that they're safe if they've
simply installed the virus software out of the box. In other words,
new viruses come out that the software doesn't know about, so they're
still vulnerable. Be sure to update!!!

2. It sounds, based on your 'localhost' comment, that you're positive
the SoBig stuff is being sent by you. For others out there, though,
be sure you don't get tricked by the 'From'-spoofing that viruses like
these do. (In other words, if you start getting deluged with
"Your e-mail to FOO@BAR contained a virus!" or "User XYZ not found!"
bounces from mail servers, that doesn't necessarily mean that YOU
are infected. Someone ELSE out there is, and the virus is spoofing
YOUR address in the 'From' header of the e-mail. Unfortunately,
even us non-Windows users (Linux, Mac, etc.) are getting hit with this
crap, since the mail servers are so easily tricked by spoofed 'From's!)

In the meantime, it might make sense to just take your box off the 'net
until you can get updated virus software installed on it.

Good luck!

-bill!

--
bi...@newbreedsoftware.com "The patient has no previous
http://newbreedsoftware.com/bill history of suicides."

PS - Viruses and worms like SoBig and Blaster are only a few reasons to
avoid using Windows. Here's more:

http://www.lugod.org/microsoft/

Phil Powell

unread,
Sep 1, 2003, 6:18:42 PM9/1/03
to
Thanx for the info! I installed ZoneAlarm with Basic MailSafe and seems to
have slowed down the infected emails a bit, at least I hope it has..

Phil

"William Kendrick" <bi...@newbreedsoftware.com> wrote in message
news:UVO4b.17372$dk4.5...@typhoon.sonic.net...

0 new messages