SoBig gets (so) BigGER


I woke up this morning to find a few dozen more SoBig bouncebacks in my mailbox. From the looks of the emails I've received, the actually infected computer might belong to someone at WFSB... someone I invited to the Emmy judging!

Along with random, weird addresses (see the extended entry below), emails went to Rob Jordan (agent) and a few Meredith and WFSB addresses. Oops.

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

vicki@partysuppliesbyvicki.com
This message has been rejected because it has
a potentially executable attachment "wicked_scr.scr"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------

Return-path:
Received: from [12.111.59.130] (helo=CTD1SEC1)
by camelot.rtsdns.net with esmtp (Exim 4.20)
id 19pWyt-00024k-Eb
for vicki@partysuppliesbyvicki.com; Wed, 20 Aug 2003 12:42:47 -0500
From:
To:
Subject: Re: Re: My details
Date: Wed, 20 Aug 2003 13:43:33 --0400
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_011A382B"
Message-Id:

This is a multipart message in MIME format

--_NextPart_000_011A382B
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Please see the attached file for details.
--_NextPart_000_011A382B
Content-Type: application/octet-stream;
name="wicked_scr.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="wicked_scr.scr"
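
For anyone triaging a bounce like this one, the returned copy carries the two useful facts: the host that handed the message to the rejecting server (the Received line) and the attachment name that triggered the rejection. The sketch below is an added example, not part of the original post; the header values are copied from the bounce above, while the extension list, the placeholder body and the `triage` function are assumptions made for illustration.

```python
import re
from email import message_from_string

# Assumed list of extensions to flag; not the actual policy of the rejecting server.
RISKY_EXT = (".scr", ".pif", ".exe", ".com", ".bat", ".cmd", ".vbs")

# Headers and MIME parts from the returned copy quoted above, with folded lines
# re-indented so they parse; the base64 body "AAAA" is a constructed placeholder.
RETURNED_COPY = """\
Received: from [12.111.59.130] (helo=CTD1SEC1)
\tby camelot.rtsdns.net with esmtp (Exim 4.20)
\tid 19pWyt-00024k-Eb
\tfor vicki@partysuppliesbyvicki.com; Wed, 20 Aug 2003 12:42:47 -0500
Subject: Re: Re: My details
MIME-Version: 1.0
Content-Type: multipart/mixed;
\tboundary="_NextPart_000_011A382B"

--_NextPart_000_011A382B
Content-Type: text/plain;
\tcharset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Please see the attached file for details.
--_NextPart_000_011A382B
Content-Type: application/octet-stream;
\tname="wicked_scr.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
\tfilename="wicked_scr.scr"

AAAA
--_NextPart_000_011A382B--
"""

RECEIVED_RE = re.compile(r"from \[(?P<ip>[0-9.]+)\] \(helo=(?P<helo>[^)]+)\)")

def triage(raw):
    """Return the submitting host and any attachments with flagged extensions."""
    msg = message_from_string(raw)
    # The last Received header is the earliest hop. Only hops written by a server
    # you trust (here, the one that rejected the message) are reliable.
    hops = msg.get_all("Received", [])
    m = RECEIVED_RE.search(hops[-1]) if hops else None
    origin = (m.group("ip"), m.group("helo")) if m else None
    names = (part.get_filename() for part in msg.walk())
    risky = [n for n in names if n and n.lower().endswith(RISKY_EXT)]
    return {"origin": origin, "risky_attachments": risky}
```
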



2 Comments

Denise said:

Hey, how weird...I just sent a long e-mail to everyone in my address book...and ALL of the "AOL" addressed e-mails were returned to me...does that mean my computer has this virus? (SO BIG?)...if so, how do I get rid of it?

Geoff Fox said:

Yes. Your computer must be infected.

Go here and follow the directions: http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.removal.tool.html

DO NOT STAY ON THE INTERNET UNTIL YOU HAVE DONE THIS (other than actually getting this cure itself).

All the best,
Geoff Fox

About this Entry

This page contains a single entry by Geoff Fox published on 08/20/03 1:50 PM.
