I woke up this morning to find a few dozen more SoBig bouncebacks in my mailbox. From the looks of the emails I’ve received, the actually infected computer might belong to someone at WFSB… someone I invited to the Emmy judging!
Along with random, weird addresses (see the extended entry below), emails went to Rob Jordan (agent) and a few Meredeth and WFSB addresses. Oops.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
vicki@partysuppliesbyvicki.com
This message has been rejected because it has
a potentially executable attachment "wicked_scr.scr"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
Return-path:
Received: from [12.111.59.130] (helo=CTD1SEC1)
by camelot.rtsdns.net with esmtp (Exim 4.20)
id 19pWyt-00024k-Eb
for vicki@partysuppliesbyvicki.com; Wed, 20 Aug 2003 12:42:47 -0500
From:
To:
Subject: Re: Re: My details
Date: Wed, 20 Aug 2003 13:43:33 -0400
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_011A382B"
Message-Id:
This is a multipart message in MIME format
--_NextPart_000_011A382B
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Please see the attached file for details.
--_NextPart_000_011A382B
Content-Type: application/octet-stream;
name="wicked_scr.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="wicked_scr.scr"
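Mass-mailing worms such as SoBig forge the sender address, so the useful evidence in a bounce like this one is the Received line and the attachment name in the returned copy. The sketch below is an added example, not part of the original post; the `triage` function, the `RISKY_EXT` blocklist and the `example.invalid` sender are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample modelled on the returned copy above; the sender
# address is a placeholder and the attachment body is dummy data.
RETURNED_COPY = """\
Received: from [12.111.59.130] (helo=CTD1SEC1)
 by camelot.rtsdns.net with esmtp (Exim 4.20)
 for vicki@partysuppliesbyvicki.com; Wed, 20 Aug 2003 12:42:47 -0500
From: <sender@example.invalid>
Subject: Re: Re: My details
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_NextPart_000_011A382B"

--_NextPart_000_011A382B
Content-Type: text/plain; charset="iso-8859-1"

Please see the attached file for details.
--_NextPart_000_011A382B
Content-Type: application/octet-stream; name="wicked_scr.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="wicked_scr.scr"

AAAA
--_NextPart_000_011A382B--
"""

# Assumed blocklist of directly executable Windows extensions.
RISKY_EXT = (".scr", ".pif", ".exe", ".com", ".bat")
HOP = re.compile(r"from \[(?P<ip>[0-9.]+)\] \(helo=(?P<helo>[^)]+)\)")


def triage(raw):
    """Return ((connecting IP, HELO name), [risky attachment names])."""
    msg = message_from_string(raw)
    # The topmost Received header was added by the server that generated
    # the bounce, so it records the host that actually connected,
    # regardless of what the From header claims.
    hop = HOP.search(msg.get_all("Received", [""])[0])
    origin = (hop["ip"], hop["helo"]) if hop else (None, None)
    risky = [part.get_filename() for part in msg.walk()
             if (part.get_filename() or "").lower().endswith(RISKY_EXT)]
    return origin, risky


if __name__ == "__main__":
    print(triage(RETURNED_COPY))
```

The connecting IP and HELO name it returns are what to compare across bounces: if they repeat while the From addresses vary, they point at the one infected machine.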
Hey, how weird…I just sent a long e-mail to everyone in my address book…and ALL of the “AOL” addressed e-mails were returned to me…does that mean my computer has this virus? (SO BIG?)…if so, how do I get rid of it?
Yes. Your computer must be infected.
Go here and follow the directions: http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.removal.tool.html
DO NOT STAY ON THE INTERNET UNTIL YOU HAVE DONE THIS (other than actually getting this cure itself).
All the best,
Geoff Fox