W32/Sobig virus? [adrian@xxxxxxxx: [Gimp-developer] Re: Approved]

        It appears that someone (maybe on gimp-developer, maybe not) has been 
socked with the W32/Sobig virus/worm. It's similar to the KLEZ worm, but is a 
bit more picky. I've been getting a lot of messages like below, but since my 
main machine is a Linux box, I'm not getting infected. SpamAssassin is helping 
to find it, but I thought everyone would want to know. From the NANOG mailing 
list:

--snip--

>On 03.06 13:44, Dominic J. Eidson wrote:
>>
>> I'm having a feeling that someone harvested a bunch of addresses, possibly
>> from NANOG, and is using them as the sender address in pretend-to-be KLEZ
>> spams.. I have received several bounces lately, several of them appearing
>> to be KLEZ, all with me as the original sender ....
>
>Just to add another data point:
>
>The same thing started happening to me a few days ago.  I do not know
>any of the recipients of the bounces but some people I *do* know advised me
>they are getting them.  I cannot say whether this is really KLEZ or not,
>not enough data.


http://vil.nai.com/vil/content/v_100343.htm (W32/Sobig.c@MM) which is KLEZ-like
in how it picks its targets....  It's been on a rampage since the
Friday night.

--snip--

        If you're on the list with your MUA being Windows-based, please visit 
the URL above, get info on the worm, and update your virus programs and 
mail filters. Right now, I have viruses and spam going to /dev/null, but brought 
this out to give everyone a heads up.

                                                        BL.
----- Forwarded message from adrian@xxxxxxxx -----

From: <adrian@xxxxxxxx>
To: <gimp-developer@xxxxxxxxxxxxxxxxxxxxx>
Subject: [Gimp-developer] Re: Approved
Date: Wed, 4 Jun 2003 17:02:24 +0200
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=5.5 required=5.0
	tests=FORGED_MUA_OUTLOOK,MISSING_MIMEOLE,NO_REAL_NAME,
	      RAZOR2_CF_RANGE_91_100,RAZOR2_CHECK
	version=2.55
X-Spam-Level: *****
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

This mail is probably spam.  The original message has been attached
along with this report, so you can recognize or block similar unwanted
mail in future.  See http://spamassassin.org/tag/ for more details.

Content preview:  This is a multipart message in MIME format Please see
  the attached file. MIME-Version: 1.0 Gimp-developer mailing list
  Gimp-developer@xxxxxxxxxxxxxxxxxxxxxx
  http://lists.xcf.berkeley.edu/mailman/listinfo/gimp-developer [...] 

Content analysis details:   (5.50 points, 5 required)
NO_REAL_NAME       (1.1 points)  From: does not include a real name
RAZOR2_CF_RANGE_91_100 (1.2 points)  BODY: Razor2 gives a spam confidence level between 91 and 100
                   [cf: 100]
RAZOR2_CHECK       (0.9 points)  Listed in Razor2, see http://razor.sf.net/
MISSING_MIMEOLE    (0.1 points)  Message has X-MSMail-Priority, but no X-MimeOLE
FORGED_MUA_OUTLOOK (2.2 points)  Forged mail pretending to be from MS Outlook

The original message did not contain plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.


Content-Description: original message before SpamAssassin
Delivered-To: gimp-developer@xxxxxxxxxxxxxxxxxxxxxx
Delivered-To: gimp-developer@xxxxxxxxxxxxxxxxxxxxx
From: <adrian@xxxxxxxx>
To: <gimp-developer@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 4 Jun 2003 17:02:24 +0200
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
Subject: [Gimp-developer] Re: Approved
X-BeenThere: gimp-developer@xxxxxxxxxxxxxxxxxxxxxx
X-Mailman-Version: 2.1b4
Precedence: list
List-Id: <gimp-developer.lists.xcf.berkeley.edu>
List-Post: <mailto:gimp-developer@xxxxxxxxxxxxxxxxxxxxxx>
List-Subscribe: <http://lists.xcf.berkeley.edu/mailman/listinfo/gimp-developer>,
	<mailto:gimp-developer-request@xxxxxxxxxxxxxxxxxxxxxx?subject=subscribe>
List-Unsubscribe: <http://lists.xcf.berkeley.edu/mailman/listinfo/gimp-developer>,
	<mailto:gimp-developer-request@xxxxxxxxxxxxxxxxxxxxxx?subject=unsubscribe>
List-Archive: </lists/gimp-developer>
List-Help: <mailto:gimp-developer-request@xxxxxxxxxxxxxxxxxxxxxx?subject=help>
Errors-To: gimp-developer-bounces@xxxxxxxxxxxxxxxxxxxxxx

Please see the attached file.
_______________________________________________
Gimp-developer mailing list
Gimp-developer@xxxxxxxxxxxxxxxxxxxxxx
http://lists.xcf.berkeley.edu/mailman/listinfo/gimp-developer



----- End forwarded message -----

-- 
Brad Littlejohn                         | Email:        tyketto@xxxxxxxxxx
Unix Systems Administrator,             |           tyketto@xxxxxxxxxxxxxx
Web + NewsMaster, BOFH.. Smeghead! :)   |   http://www.wizard.com/~tyketto
  PGP: 1024D/E319F0BF 6980 AAD6 7329 E9E6 D569  F620 C819 199A E319 F0BF
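
Added example (not part of the original post, and not SpamAssassin's own rule code): a mail filter can read the report shown in the forwarded message by unfolding the X-Spam-Status header and re-checking two of the listed header tests from their one-line descriptions. The function names and the shortened sample headers are assumptions made for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: header subsets copied from the forwarded message above.
REPORT = """\
From: <adrian@xxxxxxxx>
Subject: [Gimp-developer] Re: Approved
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=5.5 required=5.0
\ttests=FORGED_MUA_OUTLOOK,MISSING_MIMEOLE,NO_REAL_NAME,
\t      RAZOR2_CF_RANGE_91_100,RAZOR2_CHECK
\tversion=2.55

This mail is probably spam.
"""
ORIGINAL = """\
From: <adrian@xxxxxxxx>
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
Subject: [Gimp-developer] Re: Approved

Please see the attached file.
"""

def parse_spam_status(raw):
    """Return (flagged, hits, required, tests) from a folded X-Spam-Status header."""
    value = message_from_string(raw)["X-Spam-Status"] or ""
    value = re.sub(r"\s+", " ", value)            # unfold continuation lines
    hits = re.search(r"hits=(-?[\d.]+)", value)
    required = re.search(r"required=(-?[\d.]+)", value)
    tests = re.search(r"tests=(.*?)(?: version=|$)", value)
    names = [t.strip() for t in tests.group(1).split(",")] if tests else []
    return (value.startswith("Yes"),
            float(hits.group(1)) if hits else None,
            float(required.group(1)) if required else None,
            [n for n in names if n])

def missing_mimeole(raw):
    """Report wording: has X-MSMail-Priority, but no X-MimeOLE."""
    msg = message_from_string(raw)
    return "X-MSMail-Priority" in msg and "X-MimeOLE" not in msg

def no_real_name(raw):
    """Report wording: From: does not include a real name."""
    display, _addr = parseaddr(message_from_string(raw)["From"] or "")
    return display == ""

if __name__ == "__main__":
    print(parse_spam_status(REPORT))
    print(missing_mimeole(ORIGINAL), no_real_name(ORIGINAL))
```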
