SobigF. or what?

General discussion re sg.


Postby miniscus » Fri Aug 29, 2003 6:25 am

I have an article posted at a foreign website with a disposable for contacts. I have never used this disposable anywhere else at any time.

6 hrs after it was up, I received an Auto-Response from a decent website (classmates.com) stating:
Please note you have attempted to reply to an automated email address.
If you need assistance...
Well, they had received a mail from the above disposable... Eh? What? Ah! - a Sobig forge! And what a quicky!

The funny thing is, that this bounce was (xxxx: message 3 of 20). So I immediately sent one from real me to myself, and received (xxxx: message 20 of 20 -last one!-)... Eh? Got my fingers out...nope - some missing. Where are msg 1,2 and 4 to 19? Who got them? Sg must have, but not me...

And to make things a li'll inneresting, the contact-link in the article is an EMPTY mailto:nothing - no disposable. Maybe the site admins blamed my address for sobicing? They couldn't have forgotten to fill it in, because it must have been public somewhere, sometime.

This gets my brain a mess, can anyone help?
Arick
miniscus
 
Posts: 48
Joined: Thu Aug 28, 2003 10:05 pm
Location: Wiesbaden, Germany

Postby miniscus » Sat Aug 30, 2003 11:04 am

513 replies to this disposable have been eaten so far!
Definitely not from spammers alone, but a few autoreplies it seems *whine*
I've upped the address, and I'm trying to reach some of them to find out more. What the hell is this?
Arick
miniscus
 
Posts: 48
Joined: Thu Aug 28, 2003 10:05 pm
Location: Wiesbaden, Germany

Postby miniscus » Sat Aug 30, 2003 2:37 pm

Ok, I finally received #4 to #11. They *ALL* have the Sobig F. pif-file as attachment.

Looks like the Virus is done going through someone's address book, the "eaten messages count" has not upped from 513. I have/will not contact any of the "eaten" senders now, of course.

Thanks Mr/Mrs naive, now nobody could reach me on that article. :x :x :x

THANK YOU, SPAMGOURMET! :D :D :D

...although receiving 36 hrs late, and still missing #1 to #3 got me all messed up - has sg been down?
Arick

PS: Where is everybody? *hmm* When you need 'em, they're not there... :wink:
miniscus
 
Posts: 48
Joined: Thu Aug 28, 2003 10:05 pm
Location: Wiesbaden, Germany

Postby josh » Sat Aug 30, 2003 10:36 pm

sendmail - the mail server that is upstream from spamgourmet - will react defensively when hit by a whole bunch of messages from the same server, assuming (correctly, in this case, I think) that they're part of something nefarious. That probably explains the delay.

I've seen this happening in the logs recently, no doubt due to Sobig - it can result in delayed delivery, and, if the upstream server is taken down (like many of these should be, IMO), some messages may not go through at all.

Try sending a test (non-virus) message through - you'll see it gets delivered right away.

Josh
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby miniscus » Sat Aug 30, 2003 11:40 pm

#20 of 20 was from me to myself, and I got it immediately...
Arick
miniscus
 
Posts: 48
Joined: Thu Aug 28, 2003 10:05 pm
Location: Wiesbaden, Germany

Postby miniscus » Sun Aug 31, 2003 12:13 am

Brought thread into sequence only, Arick
miniscus
 
Posts: 48
Joined: Thu Aug 28, 2003 10:05 pm
Location: Wiesbaden, Germany

