OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

emergency message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: SoBig virus

Title: SoBig virus
Hi Folks,

As one of what is certainly fewer than Wintel platform victims, my experience as a Mac OS email/office productivity app user may be valuable in troubleshooting our current dilemma with the SoBig mass-emailing virus. I work cross-platform as a graphic designer, and use my office Mac for office stuff simply because it is less susceptible to attack through lack of interest. I have two isolated LANs, a cable and a DSL connection, with my Wintel boxes and laptop on cable and Mac on DSL. Only the Mac is affected, and only (apparently) from OASIS address sources. Since I subscribe to non-OASIS lists as well as ordinary unrelated individual business and personal emailing, I can fairly well isolate sources.

The reason I am writing to this group is that the only common denominator that I have found among those of my friends and associates who are also receiving these increasing numbers of messages is subscription to one or more OASIS mailing lists.

I had innumerable bogus messages yesterday, and just deleted 46 instances that were waiting for me when I checked my mail this morning. These messages had subject lines of "Your ...(anything, it changes from 'order' to "subscription' to 'mail), Thanks, Thank You, Wicked, and "Details..." and RE: any of these,plus it uses our email addresses as "from" sources, so we get bounced mail messages in roughly equal numbers so far.

Here is an article on this virus and a new "good" variant of the MSBLASTER worm, which appear to share a common charactertistic of causing the networks to bog down whether these are specifically aimed at denial of service attacks or some other purpose that the anti-virus folks haven't determined.


I suggest OASIS may want to investigate further, since this is following upon their recent hack attack episode. I would also suggest that if this continues, and the system continues to be compromised as appears likely, it might, in the long term, be more effective to shut down and cleanse the system thoroughly, than to attempt to fix or patch on the fly.

Rex Brooks
GeoAddress: 1361-A Addison, Berkeley, CA, 94702 USA, Earth
W3Address: http://www.starbourne.com
Email: rexb@starbourne.com
Tel: 510-849-2309
Fax: By Request

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]