[Dshield] FYI Sobig

Josh Tolley josh at raintreeinc.com
Thu Aug 21 23:23:29 GMT 2003

You most likely got this as an automated message from an MTA's virus
scanner, because the virus scanner got this message from some Sobig.F
infection claiming to be you. The virus scanner as a general rule includes
the text of the message it's complaining about when it sends one of these
notifications so that the allegedly responsible sender can know what message
specifically is causing the problems. But the virus scanner won't send out
the virus it detected, so you don't infect yourself again. Since you weren't
involved in the sending of the original message, you're just getting this
message just like you'd get reject packets and things if someone were
spoofing your IP. Best to ignore it, I guess. 


> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of Samuel
> Sent: Thursday, August 21, 2003 3:54 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] FYI Sobig
> ----- Original Message ----- 
> From: "John D." <lists at webcrunchers.com>
> To: "General DShield Discussion List" <list at dshield.org>
> Sent: Thursday, August 21, 2003 1:52 PM
> Subject: Re: [Dshield] FYI Sobig
> > >Now this thing is getting really funny. He is sending out 
> emails as me.
> > >Check out the headers, he is using my other account with 
> his IP address.
> > >
> > >Here is a virus alert email sent.
> > >
> > >                           V I R U S  A L E R T
> > >
> > >Our viruschecker found the
> >
> > Yup - Typical Joe Job....   See my earlier proposal to put 
> up a Honeypot
> to monitor these things....   I met there is a lot of other 
> nasty things it
> has in store....
> >
> > John
> I don't understand. At least the message I received was from a message
> service that scanned the email and complained. Maybe I was 
> fooled by the
> worm or virus but I see no reason for it to do that. There 
> was no virus
> attached to the message I received.
> So unless the Mailscanner dot info web site is dangerous 
> there seems to be
> no reason for the virus to send the message.
> Unless the author has modified the email to look like 
> something that is
> being sent legitamately.
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list