Lookout for Sobig.E virus

M Darrah

I came home today to find several emails in my inbox with the subject line "Re: Movie" or "Re: Application". Inside is an attachment called "your_details.zip".

There was even one email that was a "Returned Mail" from an AOL server, which means someone's infected machine is sending out this virus with my email address as the "from" address, which pisses me off to no end because it's my private email address that I only give out to a few people.

Apparently the latest version of this virus just started spreading over the past weekend.

So check your machines. Do a search for the file WINSSK32.EXE. If you find it, your machine is infected.

Go here for more info:

http://www.f-secure.com/v-descs/sobig_e.shtml

At the bottom of the page, there's a small utility you can download and run which will remove it.
 
RE: Lookout for Sobig.E virus

I seem to be OK. But I do appreciate when you and others post the links to get rid of viruses - I always run them just to be sure. It can't hurt, right?
 
RE: Lookout for Sobig.E virus

It won't hurt, but the utility only removes that particular virus, not the 50,000 others that are out there. It's an absolute necessity to have the latest version of at least one virus scanner installed. And you MUST download the latest updates at least once every week or two to keep it up to date.

The one most widely considered the best (and the least known) is F-Prot:

http://www.f-prot.com/products/home_use/win/

It's made in Iceland, of all places. You can download a 30 day trial, or buy it for $29. It used to be free, which sucks, but it's still a good investment. I don't think you can get it in stores.
 
RE: Lookout for Sobig.E virus

That's a neat one. Looks like there are an awful lot of people already infected by the number of copies of it being sent to my email address(es) and the origin IPs all being different for the most part.

It's unique in that it sends itself out, zipped. And of course most AV solutions didn't recognize it immediately and most mail server admins don't filter the extension zip.. so many people opened it.. Why? I don't know. Looks suspicious as hell to me (we were filtering it on our server real fast - AVG AV works well) but some folks still open those right up.

luke@wallingdatasystems.com
Personal Site :
http://www.wallingdatasystems.com/personal/markviii
Company Sites :
http://www.wallingdatasystems.com
http://www.avg-antivirus.net
http://www.reallycheapdomains.net
 
RE: Lookout for Sobig.E virus

Out of ALL the crap I get, and all the mails I DON'T open up, I happened to open this one because it was addressed directly to me and the subject line sounded authentic. I think it was a reply to an old email I had sent to someone who was infected.

I searched for the file mentioned above and did not find it on my system. I opened the zip, figured it was BS and didn't run the file. So that means I am safe, no???

Kale
 
RE: Lookout for Sobig.E virus

Per McAfee Site:

Indications of Infection

- Presence of the file winssk32.exe in the WINDOWS (%WinDir%) directory
- System listening on UDP Ports 995 - 999


(%WinDir%)=default Windows folder
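
The two indicators quoted in the post above, turned into a host check. This is an added example, not part of the original thread or of any vendor's tooling; the function names and the sample `netstat -an` text are constructed for illustration.

```python
import os
import re

# Indicators quoted in the post above (attributed there to McAfee).
IOC_FILENAME = "winssk32.exe"
IOC_UDP_PORTS = range(995, 1000)  # UDP 995-999 inclusive

# UDP rows of Windows `netstat -an` output: "  UDP    0.0.0.0:995    *:*"
_UDP_ROW = re.compile(r"^\s*UDP\s+(\S+):(\d+)\s+\S+", re.IGNORECASE)

# Constructed sample output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      203.0.113.5:995        ESTABLISHED
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:995            *:*
  UDP    0.0.0.0:999            *:*
  UDP    0.0.0.0:1000           *:*
"""

def udp_ioc_listeners(netstat_text):
    """Return sorted (local_address, port) pairs bound to UDP 995-999."""
    hits = set()
    for line in netstat_text.splitlines():
        m = _UDP_ROW.match(line)
        # Only the local port of a UDP row counts; TCP 995 traffic is ignored.
        if m and int(m.group(2)) in IOC_UDP_PORTS:
            hits.add((m.group(1), int(m.group(2))))
    return sorted(hits, key=lambda h: (h[1], h[0]))

def find_ioc_file(windir):
    """Return paths in windir named winssk32.exe, compared case-insensitively."""
    try:
        names = os.listdir(windir)
    except OSError:
        return []  # directory missing or unreadable: nothing to report
    return [os.path.join(windir, n) for n in names if n.lower() == IOC_FILENAME]

def check_host(windir, netstat_text):
    """Combine both indicators; either one alone marks the host as suspect."""
    files = find_ioc_file(windir)
    ports = udp_ioc_listeners(netstat_text)
    return {"files": files, "udp_listeners": ports, "suspect": bool(files or ports)}

if __name__ == "__main__":
    # Replace SAMPLE_NETSTAT with the real output of `netstat -an` on the host.
    print(check_host(os.environ.get("WINDIR", r"C:\Windows"), SAMPLE_NETSTAT))
```

A hit on the port range alone is only a lead, since other software can bind those UDP ports; the file check is the stronger of the two indicators.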
 
RE: Lookout for Sobig.E virus

About what size is the file when it shows up in your inbox? Anything in the 135kb range now I automatically delete unless I'm positive what it is since that was the size of the last virus that is still floating around out there. I still get one or two a week of that one (LOL).


** Bill **
1995 LSC-R'ed w/Recaro's and Cobra R's
Veteran of Carlisle 2000/01/02/03
For Pic's and Mods click here: //cardomain.com/member_pages/view_page.pl?page_id=258112

...Learn from the mistakes of others. You can't live long enough to make them all yourself....
 