huml message
Subject: SoBig virus
- From: Rex Brooks <rexb@starbourne.com>
- To: karl.best@oasis-open.org, jamie.clark@oasis-open.org, webmaster@oasis-open.org
- Date: Wed, 20 Aug 2003 06:04:23 -0700
Hi Folks,
As one of what is certainly fewer than Wintel platform victims,
my experience as a Mac OS email/office productivity app user may be
valuable in troubleshooting our current dilemma with the SoBig
mass-emailing virus. I work cross-platform as a graphic designer, and
use my office Mac for office stuff simply because it is less
susceptible to attack through lack of interest. I have two isolated
LANs, a cable and a DSL connection, with my Wintel boxes and laptop on
cable and Mac on DSL. Only the Mac is affected, and only (apparently)
from OASIS address sources. Since I subscribe to non-OASIS lists as
well as ordinary unrelated individual business and personal emailing,
I can fairly well isolate sources.
The reason I am writing to this group is that the only common
denominator that I have found among those of my friends and associates
who are also receiving these increasing numbers of messages is
subscription to one or more OASIS mailing lists.
I had innumerable bogus messages yesterday, and just deleted 46
instances that were waiting for me when I checked my mail this
morning. These messages had subject lines of "Your ..." (anything,
it changes from 'order' to 'subscription' to 'mail'), Thanks,
Thank You, Wicked, and "Details..." and RE: any of
these, plus it uses our email addresses as "from" sources, so
we get bounced mail messages in roughly equal numbers so far.
Here is an article on this virus and a new "good"
variant of the MSBLASTER worm, which appear to share a common
characteristic of causing the networks to bog down whether these are
specifically aimed at denial of service attacks or some other purpose
that the anti-virus folks haven't determined.
http://zdnet.com.com/2100-1105_2-5065644.html
I suggest OASIS may want to investigate further, since this is
following upon their recent hack attack episode. I would also suggest
that if this continues, and the system continues to be compromised as
appears likely, it might, in the long term, be more effective to shut
down and cleanse the system thoroughly, than to attempt to fix or
patch on the fly.
FWIW,
Rex
--
Rex Brooks
GeoAddress: 1361-A Addison, Berkeley, CA, 94702 USA, Earth
W3Address: http://www.starbourne.com
Email: rexb@starbourne.com
Tel: 510-849-2309
Fax: By Request