[Merged] The worst worm virus I've ever seen

[wly]

These past few days, I have been experiencing spam attack in my Yahoo mail. What is annoying me is that they are attaching huge files between 200k to 500k and they are sending it around 10 times a day from different sorts of addresses and from God knows where. I tried to block them but it seems useless. I emailed them with some harsh language but some has bounced back and some I don't know. It is definitely not stopping them and the worst thing is I get the message from Yahoo that I am over the 6MB quota. Is it somebody deliberately attacking my mail? Can somebody please help me as to what I shall do?

[Jan]

What you need to do is show full headers in your email. Get the IP address, find out who the ISP is and forward the offending mails to them. If you don't know how to find the ISP, join up with http://spamcop.net and they will do all the hard work for you.

[madaweb]

I also have a yahoo email that's being spammed (as well as a hotmail), I've run a virus check and each of those email contains a virus in the attachement so be carefull.

[Lil_Red]

Quote:

Originally posted by Jan
What you need to do is show full headers in your email. Get the IP address, find out who the ISP is and forward the offending mails to them. If you don't know how to find the ISP, join up with http://spamcop.net and they will do all the hard work for you.

Just a note of caution on spamcop. Some of their results are inaccurate. I get more stupid email from spamcop because half the headers out there say mail.server.com and people do not know how to interpret the results from spamcop so they just have spamcop send spam.

Ok, I'm done my rant.

[Jan]

Lil_Red, would you care to elaborate on that please?

[Czar]

Let me guess, the message is something along the lines of:

Quote:

Subject: [filename (random)]
Body: [content varies]

---ENGLISH VERSION---

Hi! How are you?

I send you this file in order to have your advice
or I hope you can help me with this file that I send
or I hope you like the file that I sendo you
or This is the file with the information that you ask for

See you later. Thanks

---SPANISH VERSION---

Hola como estas ?

Te mando este archivo para que me des tu punto
de vista
or Espero me puedas ayudar con el archivo
que te mando
or Espero te guste este archivo que te mando
or Este es el archivo con la información que
me pediste

Nos vemos pronto, gracias.

and features an attachment that looks like a standard .doc or .xls file, but which is followed by a .pif extension.

If this is correct, you're being hit by the — W32/SirCam@mm (Sir Cam Virus)— . I've received a few dozen such emails during the past two days, which is a pain in the butt since I'm on a dialup modem.

As if usually the case, though, you're fine as long as you don't touch the attachment. Norton doesn't seem to be picking it up yet, though McAfee is, so the virus should die soon.

[Lil_Red]

We own the domain server.com. We can definitively say that there is no such subdomain as mail.server.com within our domain. What happens is spamcop skips the IP addresses that sits next to a nonexistent subdomain so I end up having to explain to an irate person that they need to contact bla bla ISP who owns IP address such and such.

If spamcop traced headers properly, I would not have to devote time to correcting another company's error. It's a pet peeve of mine - companies that do not do their jobs properly.

[Headshop]

Lil_Red,
your lucky you haven't been blackholed by major networks with all those spam cop complaints. I had a domain blocked once and it wasn't even possible to send email from it. I made some fast calls to major network dudes and had the block down in minutes. We need laws not email complaints that do nothin*

[joma]

I've received about a dozen emails containing the same virus Czar describes - usually the Spanish version for some reason. Never seen an email virus this bad.

[Steve_S]

me to!

Can't ever remeber one this bad. Iv'e set a "rule" for my client so ALL attachments get nuked right off the server. I will release it in a few days as from what I hear this "persson" will probably get caught real soon. <fingers crossed>

Wait till Corporate America picks up their email on Moday in the USA/Canada. Then we get very serious.

Whoever or what ever this person is should spend a minamum of 5 years behind bars. Regardless of their age! First offence for this. 5 years.

BTW...wrong forum. Watch vB insert a link. Moving to Webmaster Issues. Please join us.

[dot_com]

So does anyone know what this Virus does to your computer??

[Czar]

McAfee reports that it searches for .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, .PS, and .ZIP files [amongst others] in the MY DOCUMENTS folder and attempts to send copies of these documents to email recipients found in the Windows Address Book and addresses found in cached files.

That's quite a distribution payload. I've never seen a virus send emails to addresses found in cached files. This is obviously bad news for webmasters such as we who have email addresses visible within their sites' source code.

[Jan]

You can read about it here:

http://vil.mcafee.com/dispVirus.asp?virus_k=99141&

[suresk]

I've been getting at least 3 or 4 per hour today. No worries - I have DSL so it takes but a second to download them all, and I don't download them, but still very annoying and it ties up net traffic.

A lot of people don't have enough sense to not open them, simply telling them "Don't open the attachments" would save a lot of hassle.

Don't open attachments unless you know who it is from and you are expecting one from them. A lot of these viruses work because it LOOKS like your friend is sending you something, because of the way it sends to all the email addresses.

5 Years? Try 5 years per computer infected! If they get a good lawyer, maybe they can get it reduced to 4 years per coomputer infected. Then make them watch as their computer equipment is melted right before their eyes

Honestly though, the originators of these viruses are from other countries, where they will probably be a national hero for wreaking havoc like this, rather than punished. Even in the United States or select few other countries where these crimes would be taken seriously, its most likely a slap on the wrist at worst.

[MattC]

I've heard of this (or a very very simular virus) that sent someone a quake level as the attachment

This is a drop in the bucket compared to what Code Red (or Code Red II) is/will do.

http://www.eeye.com/html/Research/Ad...L20010717.html

One of the more ingenius worms I've seen


-Matt