Democratic Underground

attn computer experts. What virus-related scam is this?

This topic is archived.
NJCher Donating Member (1000+ posts) Wed Aug-20-03 03:57 AM
Original message
attn computer experts. What virus-related scam is this?
I've received two emails saying I sent a virus. The problem is that I never sent emails to these places and I do not have the worm. I run '98 and furthermore, have a firewall and virus protection. Not only that, but my computer is not exhibiting any virus or worm symptoms.

So what could be behind such emails as this:

A virus has been detected in an email attachment that you sent to XX University. This email has been rejected and not delivered to the recipient. Please check your system for viruses.

The scanned document was QUARANTINED.

Virus Information:
The attachment application.pif contained the virus W32.Sobig.F@mm and could NOT be repaired.



Cher


Wonk Donating Member (1000+ posts) Wed Aug-20-03 03:59 AM
Response to Original message
1. Sobig.f virus. Look around LBN or even the Lounge and you'll find help.
I like my Macs more and more every time I see something like this.

trotsky Donating Member (1000+ posts) Wed Aug-20-03 05:20 AM
Response to Reply #1
5. No need for Windows-bashing
NOTE: I am not the biggest Windows fan, and use Linux for many things.

That being said, the primary reason why Windows viruses and worms are so prevalent is precisely because Windows itself is so prevalent. And hated. That makes it a huge target in hacking circles, where literally thousands of people are trying on a daily basis to find holes, highly motivated by their dislike of all things Microsoft.

I think it's safe to assume that if any other OS had such a huge negative following, we would see just as many exploits and viruses on that platform. In fact, significant security holes are constantly found on other platforms, just never abused and exploited to the extent Windows' flaws are.

So don't assume some false sense of security or superiority simply because you use Macs.

Robb Donating Member (1000+ posts) Wed Aug-20-03 07:23 AM
Response to Reply #5
15. Now, now
"Superiority" may be a matter of opinion, but "security" is not, especially as you began to explain.

Most virus/worm attacks are designed for Windows systems, rather than Macs, for the same reason "taggers" spraypaint their work on the sides of subways, and not the inside of their closets. In an ego-based work, you want as many people to see it as possible. So you don't design it on a system that reaches 1% of the population (if that).

However, that less popular system is more "secure" than Windows -- much in the same way a 1970 Buick is more "secure" than a 2002 Honda Civic. Not all security is active security.

ArkDem Donating Member (1000+ posts) Wed Aug-20-03 09:36 AM
Response to Reply #15
19. Robb you have hit the nail SQUARELY on the head.
Eloquently put!

rock Donating Member (1000+ posts) Wed Aug-20-03 07:42 AM
Response to Reply #5
17. Yes, there is need for Windows bashing
While you're partially correct (the number of Windows users is huge), Windows is much more prone to insecurities than (say) Unix. MS operating systems originated from a single user, single tasking system. That plus MS's concentration on marketeering has led to a crappy (sorry for the technical term) OS.

trotsky Donating Member (1000+ posts) Wed Aug-20-03 08:01 AM
Response to Reply #17
18. Hey, no argument there.
The entire history of M$ has been to cobble new code on top of old code, partially in the interests of compatibility, partly in the interests of saving money and getting to market faster. Hell, there was still 16-bit code in Windows 2000, wasn't there?

But if you keep up with SANS, you see that significant numbers of holes are found in the various flavors of UNIX as well. Even today, despite years and years of UNIX being refined and improved as a true multi-user system.

ArkDem Donating Member (1000+ posts) Wed Aug-20-03 09:38 AM
Response to Reply #18
20. So with UNIX it's refined and improved but with
Microsoft it's cobble new code on top of old code? You are hilarious, sir!

trotsky Donating Member (1000+ posts) Wed Aug-20-03 01:30 PM
Response to Reply #20
21. Uh, well,
I was sort of being facetious. :)

Atlant Donating Member (1000+ posts) Thu Aug-21-03 08:57 AM
Response to Reply #5
22. I'm sorry, but you don't understand...
> I think it's safe to assume that if any other OS had such a huge
> negative following, we would see just as many exploits and viruses
> on that platform. In fact, significant security holes are constantly
> found on other platforms, just never abused and exploited to the
> extent Windows' flaws are.

I'm sorry, but you don't understand the difference between a real
computer operating system (with full multi-tasking and protected
memory, disk file systems with controlled access, etc.) and a toy
operating system like pre-NT Windows or pre-OS/X Mac/OS.

While it's still possible for a virus, worm, or trojan to inflict
pain on a real operating system, the damage is contained by the
underlying design of the operating system. Virus writers, no matter
how clever, simply can't "exploit" these real operating systems in
the way that they can Windows.

Windows/NT-derived systems (Windows/NT, Win-2K, and Windows/XP) are
actually a funny special case: NT was designed by Dave Cutler as a
real operating system with full multi-user protection and all the
bells and whistles that go along with that. And then, to allow the
successful use of the same old shitty programs you've always been
running on your Windows PC, many of the security features were
deliberately compromised by the "Windows" layer atop Win/NT.

Again, the fact that MacOS/X, Unix, Linux, VMS, MVS (etc.) don't
have the plethora of viruses infecting Windows IS NOT A RESULT
OF MARKET SHARE; it's a result of the fact that these operating
systems are fundamentally different from Windows in their approach
to the question of security.

Atlant

silverweb Donating Member (1000+ posts) Wed Aug-20-03 04:04 AM
Response to Original message
2. From what I've read...
This new virus variant sends itself without your help. The SOBIG "propagates via email, constructing outgoing messages with its own SMTP engine - & - propagates over network shares (not confirmed in testing yet)"

Here's the McAfee page on it:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561

I'm no expert, so can't advise you further, but it sounds like you could have been infected without your knowledge.

Kellanved Donating Member (1000+ posts) Wed Aug-20-03 04:07 AM
Response to Original message
3. Sobig fakes the "from" field
It brings its own mail server with it and sends the e-mails using all addresses it finds in the address book for the "from" field and the recipient's address.

Somebody with you in his/her address book has an infected PC.

Rocinante Donating Member (1000+ posts) Wed Aug-20-03 04:19 AM
Response to Original message
4. It costs money
and I sure ain't got much, but if folks would buy Norton AntiVirus and Norton Personal Firewall like I have, most if not all of your problems would be fixed before you hear about the latest threats. What is happening with the wild e-mails is the virus trying to spread itself. I have about 200 that I will have to delete.

liberalnurse Donating Member (1000+ posts) Wed Aug-20-03 05:38 AM
Response to Original message
6. I got hit too.
I use Nortons and all were scanned and quarantined successfully. In the lot of 40 of the SobigWorm emails there was this Virus Alert


I guess they sent it or something....Trying to make money by causing computer trouble so you would use their product? I don't know....


message reads:


This is an automatic message from the Guinevere Internet Antivirus Scanner.

A message was addressed to <NMaragos@zarembagroup.com>
The message probably contains a virus.

You will want to consult with your system administrator on how to deal with this.

Did they send the virus to promote business? I never heard of Guinevere Internet Antivirus Scanner.

Any feedback?

ima_sinnic Donating Member (1000+ posts) Wed Aug-20-03 06:35 AM
Response to Reply #6
7. no, it intercepted a spoof e-mail from "you" and is reporting it
the recipient has that program and you are being notified that "your" message was intercepted, that's all

NJCher Donating Member (1000+ posts) Wed Aug-20-03 06:41 AM
Response to Original message
8. anyone else getting these types of emails?
Edited on Wed Aug-20-03 06:42 AM by NJCher
....if folks would buy Norton AntiVirus and Norton Personal Firewall like I have most if not all of your problems would be fixed before you hear about the latest threats.

I have Norton and have the latest updates.

Furthermore, the day before the worm was released, I had been at the Microsoft security page and downloaded all the security patches.

In addition to all that, I have a router and a firewall!

I sent myself to my yahoo address and they are saying no infection.

In addition, I ran a virus scan last night and it says no viruses.

And, at the risk of repeating myself, I did not email these people who are telling me I have a virus. Sounds like what Imasinnic is saying might be it.

However, on outgoing emails I am getting a message saying that "OE removed attachments." So there may be something there after all.



Cher

ima_sinnic Donating Member (1000+ posts) Wed Aug-20-03 06:47 AM
Response to Reply #8
10. try the symantec tool in my next post
. . . I didn't see any indication on the Norton page that they had addressed this particular worm as of sometime yesterday

that "OE removed attachments" does sound odd.

MaineDem Donating Member (1000+ posts) Wed Aug-20-03 07:24 AM
Response to Reply #8
16. I got one yesterday
I had never sent the email it said it was unable to deliver. The message contained about 3 attachments. I just deleted the whole thing.

I have the latest Norton updates as well.

ima_sinnic Donating Member (1000+ posts) Wed Aug-20-03 06:43 AM
Response to Original message
9. sobig.f worm just hit yesterday--info links & removal tool
I've gotten a ton of those returned e-mails that I never sent, all rejected because they contained a virus. My e-mail address is on one or more people's computers and it is being generated from there, spoofing that it is from "me." It doesn't mean that my computer has a virus--somebody else's does. This worm also has a built-in timer, to self-destruct on September 10. The worst thing it seems to do is to clog up everybody's inbox with a LOT of junk mail. The pieces themselves are very large--more than 100 kb, all random garble (unless your antivirus program clears out that crap first).

Here is a link to more information: http://vil.nai.com/vil/content/v_100561.htm

Watch for these subject lines--I haven't seen one come through yet with an attachment (.pif or .scr), which Norton and McAfee pick off--but delete these without opening:

Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

Update and removal tool:

http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html


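Added example (not part of the thread or any poster's code): the indicators listed in the post above, namely the subject lines, the .pif/.scr attachment extensions and the "more than 100 kb" size, turned into a mail triage check in Python. The From header is deliberately ignored because the thread notes that Sobig forges it; `triage`, `build_sample` and the sample addresses are constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the post above; everything else here is constructed.
SOBIG_SUBJECTS = {
    "your details", "thank you!", "re: thank you!", "re: details",
    "re: re: my details", "re: approved", "re: your application",
    "re: wicked screensaver", "re: that movie",
}
RISKY_EXTENSIONS = (".pif", ".scr")
SIZE_HINT_BYTES = 100 * 1024  # "more than 100 kb"


def triage(raw: bytes) -> list:
    """Return the reasons a raw message matches the posted indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    # Collapse whitespace and case so folded or re-cased subjects still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SOBIG_SUBJECTS:
        reasons.append("subject")
    # Walk every MIME part: a subject that is not on the list is still
    # flagged when an attachment carries one of the listed extensions.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append("attachment:" + name)
    if len(raw) > SIZE_HINT_BYTES:
        reasons.append("size")
    return reasons


def build_sample(subject, attachment_name=None, payload_size=10) -> bytes:
    """Build a constructed test message (addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = "forged-sender@example.com"  # not trusted by triage()
    m["To"] = "you@example.net"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    if attachment_name:
        m.add_attachment(b"x" * payload_size, maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("Re: That movie", "movie.SCR", 120000)))
```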
 
sugarcookie Donating Member (563 posts) Wed Aug-20-03 07:05 AM
Response to Reply #9
11. Ok , I just got one that says
Re: I'm in trouble!

It came from an address that doesn't work and it was sent to my address in someone else's name. I keep my Norton updated and just downloaded the most recent definitions and I am using Zone Alarm. Be careful if you get anything like this. I wasn't paying attention and opened mine.

ima_sinnic Donating Member (1000+ posts) Wed Aug-20-03 07:14 AM
Response to Reply #11
13. actually, opening the e-mail probably doesn't hurt anything
Edited on Wed Aug-20-03 07:15 AM by ima_sinnic
don't open any attachments, though! was it full of random letters?
I previewed one (great feature in Eudora! also in MailWasher! you can read mail without actually opening it!) and saw pages and pages of random letters.
That subject line is not in the list for sobig.f--don't know but what it might be some other worm, or a different subject line that wasn't included in the list.

on edit: meant to say, the large size should be a giveaway.

TreasonousBastard Donating Member (1000+ posts) Wed Aug-20-03 07:13 AM
Response to Original message
12. I get 'em all the time.
Not just viruses, but bounced spam.

Spammers and viruses/worms/trojans just grab email addies anywhere they find them and randomly pop them into the return addies and replytos when they send the stuff out.

Annoying, isn't it?

ima_sinnic Donating Member (1000+ posts) Wed Aug-20-03 07:16 AM
Response to Reply #12
14. yes, they're just annoying and space-stealing
not computer-melting