WebTV / MSN TV Help: SoBig and Blaster Viruses

Page Updated September 1, 2003

WebTV / MSN TV: Getting Returned Emails That You Didn't Send?

You may have heard on the news about the world-wide Windows "SoBig" and "Blaster" viruses and/or worms that are causing so much trouble for computer users.


The viruses propagate via email. The attachment to that email carries the worm.

It invades a computer, finds the email program's Addresses list, and sends out copies of the virus with those addresses in both the To: and From: address headers.

This is all done without any sign it's happening... nothing shows in the Sent email folder of infected computers.

When a computer user has your email address in his/her email program, some of those virus-infested emails generated by SoBig are sent out with your email address in the From: header.

When they've been sent to an undeliverable address, they will be bounced back not to the computer where they originated, but to you. That's where these notices are coming from.

What You Can Do

Email your friends who use computers and tell them that although you don't know who's infected, one of them is. If they're using Windows, they're vulnerable.

Urge them to:

  • Download the Security Patch for the version of Windows they're using at

    http://www.microsoft.com
  • Use virus-scanning software and download the latest versions of it at the manufacturer's web site.
  • You can also send them the URL of this page you're reading now:

    http://community-2.webtv.net/@HH!C9!3A!FA79E1EC0A1D/IOM/sobig/

    Until/unless people all over the world with computers running Windows scan their computers for the newest viruses and get the Security patch, this is going to continue.

    For more info, scroll down to "Consumers Cope with SOBIG" on this page:


    http://www.msnbc.com/news/954470.asp


    Fortunately, as you may know, we on WebTV in general can't be affected by computer viruses or worms, but we could unintentionally pass one on by Forwarding an original email with the virus to a computer user.


    Instead, just Delete all such emails. Signs of what to look for are included in information further down this page.

    What's the Purpose of the Sobig Viruses?

    The SoBig.f virus can also install remote keystroke-logging and control programs that would allow the originator of the virus to record passwords, credit card numbers, etc., and, more alarmingly, to control infected computers remotely, without the owner knowing anything about it, by sending "orders" to them.

    "Computer experts spent Thursday debating what the SoBig author's next instructions are likely to be. One leading theory is that the update will turn infected machines into generators of unwanted commercial e-mail, known as spam.

    "'It's almost like someone breaking into your home and then using your phone to do telemarketing,' said Ian Hameroff, chief security strategist for Computer Associates International Inc., one of the world's biggest software companies."

    From:
    http://www.latimes.com/news/printedition/la-fi-virus22aug22000424,1,195533.story

    Another theory is that SoBig, like so many other viruses, is intended to cause mischief, destroy files, etc. In any case, these self-perpetuating harmful programs are meant to cause Windows computer users a great deal of trouble.

    Further information from ZDnet.com
    and How to Recognize an Original SoBig.f Virus Email


    Yet another member of the Sobig virus family is loose.

    Sobig.f (w32.sobig.f@mm) spreads via e-mail and shared network files and could slow e-mail servers with excessive traffic, so it rates a 7 on the ZDNet Virus Meter.

    This worm affects only Windows computers, not Mac, Linux, or Unix systems. Like its siblings, Sobig.f has a built-in termination date, September 10, 2003, and can attempt to retrieve, download, and finally execute a Trojan to steal credit card numbers and other personal account information.

    But Sobig.f differs in that it appends garbage characters to the end of the infected file, making it harder for antivirus products to recognize Sobig.f.

    How it works
    Sobig.f arrives as an e-mail with the following characteristics:

    The From and To addresses are collected from infected PCs, from files ending with the extensions .dbx, .eml, .htm, .html, .txt, and .wab.


    The Sobig.f subject line typically reads:


    • Re: Details
    • Re: Approved
    • Re: Re: My details
    • Re: Thank you!
    • Re: That movie
    • Re: Wicked screensaver
    • Re: Your application
    • Thank you!
    • Your details


    Its body text reads:

    • See the attached file for details
    • Please see the attached file for details.


    The file attached to Sobig.f is:

    • application.pif
    • details.pif
    • document_9446.pif
    • document_all.pif
    • movie0045.pif
    • thank_you.pif
    • your_details.pif
    • your_document.pif
    • wicked_scr.scr


    When executed, the worm will add the following to the system registry:

    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrayX" = %windir%\winppr32.exe /sinc

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrayX" = %windir%\winppr32.exe /sinc
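
The e-mail characteristics listed above, turned into a check that also looks inside a returned (bounced) message. This is an added example, not part of the original page or the ZDNet article. The function names, the example.com / example.org addresses and the rule in `should_delete` (a listed attachment name together with a listed subject or body line) are assumptions, and the sample bounce is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the lists above, lower-cased (body without the final period).
SUBJECTS = {"re: details", "re: approved", "re: re: my details", "re: thank you!",
            "re: that movie", "re: wicked screensaver", "re: your application",
            "thank you!", "your details"}
BODIES = {"see the attached file for details", "please see the attached file for details"}
ATTACHMENTS = {"application.pif", "details.pif", "document_9446.pif", "document_all.pif",
               "movie0045.pif", "thank_you.pif", "your_details.pif", "your_document.pif",
               "wicked_scr.scr"}

def sobig_f_indicators(raw: bytes) -> dict:
    """Return the listed Sobig.f indicators found anywhere in the MIME tree."""
    hits = {"subject": set(), "body": set(), "attachment": set()}
    # walk() descends into message/rfc822 parts, so an original wrapped in a bounce is seen too.
    for part in message_from_bytes(raw, policy=policy.default).walk():
        subject = str(part.get("Subject", "")).strip().lower()
        if subject in SUBJECTS:
            hits["subject"].add(subject)
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits["attachment"].add(name)
        elif not name and part.get_content_type() == "text/plain":
            text = part.get_content().strip().rstrip(".").lower()
            if text in BODIES:
                hits["body"].add(text)
    return hits

def should_delete(raw: bytes) -> bool:
    # Assumed rule: a listed attachment name plus a listed subject or body line.
    hits = sobig_f_indicators(raw)
    return bool(hits["attachment"] and (hits["subject"] or hits["body"]))

def constructed_bounce() -> bytes:
    """Constructed sample: a bounce notice that returns a Sobig.f-style original."""
    original = EmailMessage()
    original["From"] = "you@example.com"          # forged sender, as described on this page
    original["To"] = "no-such-user@example.org"   # undeliverable address
    original["Subject"] = "Re: Details"
    original.set_content("Please see the attached file for details.")
    original.add_attachment(b"constructed placeholder, not malware", maintype="application",
                            subtype="octet-stream", filename="details.pif")
    bounce = EmailMessage()
    bounce["From"] = "MAILER-DAEMON@example.org"
    bounce["Subject"] = "Undeliverable mail"
    bounce.set_content("Your message could not be delivered.")
    bounce.add_attachment(original)               # stored as a message/rfc822 part
    return bounce.as_bytes()
```
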


    Prevention

    In general, do not open e-mail attachments without first saving them to hard disk and scanning them with updated antivirus software. If you do not have automatic antivirus signature file updates, contact your antivirus vendor to obtain the most-current antivirus signature files that include Sobig.f.


    Removal

    Most antivirus-software companies have updated their signature files to include this worm. The updates will stop the infection upon contact and, in some cases, will remove an active infection from your system.

    For more information, see Central Command, Computer Associates, F-Secure, McAfee, MessageLabs, Norman, Panda, Sophos, Symantec, and Trend Micro.


    Quick facts

    Name: Sobig.f (w32.sobig.f@mm)


    What it does: The effects are still being analyzed by antivirus-software vendors.


    Means of transmission: E-mail and shared network files.


    How to recognize: Attached files are zipped and contain .pif files.


    Who is at risk: Windows users.


    Even more detailed information from Symantec, one of the largest Anti-Virus software makers:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html


