[Dshield] looks like a new virus via spaming

Coxe, John B. JOHN.B.COXE at saic.com
Tue Aug 19 18:27:43 GMT 2003


This one is all over.  Variations appear to exist as well.  Starting to see
a lot of them using addresses at winzip.com for originators (help@,
support@, and sitesales@) lately.

-----Original Message-----
From: Dan [mailto:dan at dbdigitalweb.com]
Sent: Tuesday, August 19, 2003 10:32 AM
To: General DShield Discussion List
Subject: Re: [Dshield] looks like a new virus via spaming


Hello all,
Well I just got mail bombed with some new virus (at least that was my
bet)called movie0045.pif.  It was all deleted before it reached my machine
(mail washer).  The subjects vary between Your details, that movie,
approved, thank you!, or wicked screen saver.  They appear to come from
various sources, but I suspect that it is all the same spamer just using
various different paths open to him as they all came in to the same email
address at only a few minutes/seconds appart.

Just wondering if anyone else has seen this.

Oh I forgot to mention about 30 of these hit my mailbox so far and still
comming.  And it looks like some of them used my email as a return address
as I got a message from one of them:

"The mail message you sent to (*******************) on 08/19/2003 11:27:38
with the file wicked_scr.scr contains the WORM_SOBIG.F virus. If you have
questions regarding files or updating/installing Anti-virus protection on
your PC, please contact your e-mail administrator or help desk."

So it appears that the ones named "wicked screen saver" did have the sobig
virus.  And I bet that the rest of them did as well.


-Dan

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list