Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Sobig worm - Second Wave

Reply
Thread Tools

Sobig worm - Second Wave

 
 
slumpy
Guest
Posts: n/a
 
      08-22-2003
"So, Mr Slumpy you *really* are the perpetual comedian, aren't you ?" I
threw back my head and roared with laughter as Tina - AffordableHOST.com
continued:

> Exactly. I sent out a mass email to our customers yesterday. At the
> end of each paragraph, which meant I stated it FIVE TIMES, I put this:
>
> "DO NOT OPEN ANY UNKNOWN EMAILED FILES - EVEN IF IT IS FROM SOMEONE
> YOU KNOW!!!!"
>
> Thinking that being SO far over the top, in warning everyone...that
> there would be absolutely no doubt in anyone's mind about this. Do
> you know, we got questions like "My son sent me a screen saver file
> and I opened it. I'm now thinking it might have been the attachment
> you were talking about."
>
> You laugh. We get headaches. "
>
> --Tina


It is sad that people can be so ignorant. The news at various places I
visited today was that their systems were all but dead due to people blindly
opening attachments. They all wear suits, have responsible jobs and make
decisions that potentially could affect us all. Yet they do not have a
****in clue.
Amazing...
--
slumpy
no more
no less
just slumpy


 
Reply With Quote
 
 
 
 
Kraftee
Guest
Posts: n/a
 
      08-22-2003
PCyr wrote:
> Oh please. Don't give that advice. If you follow the three rules
> to computer security, it's almost always fine to open attachments
> from people you know.



Except when they get infected. Yes it can happen to the people you
know as well as all those out 'there'. Yes it has happened to an
associate of mine, who claimed he was PC savvy. I also know of
software specialists who run completely open unprotected public BBS's
as it's to much like hard work to secure them & then they wonder why
they get trashed...

Sorry it's a case of everything is supsect as for the rest of your
post I can generally agree with you especially about the updates..

>
> 1) The most important thing: Anti-virus. Norton is great, and I've
> heard many good things about AVG. McAfee, or McCrappy, is a piece
> of garbage. It may work fine with some users, but it doesn't
> provide the security most people need. I've heard way way way to
> many problems with it. 2) Firewall. Use the one with XP, or
> download/buy a different one, but make sure you have at least a
> basic one. 3) The last, but DEFINITELY not least: Updates. Keep
> you computer *and* virus definitions up to date.
>
>
> Email address is fake to prevent SPAM.
> Real email address is pcyr2000 AT hotmail DOT com
> Change the obvious to the obvious.
> ------------------
> "Tina - AffordableHOST.com" <(E-Mail Removed)> wrote in
> message news:(E-Mail Removed)...
>> DO NOT OPEN ANY UNKNOWN EMAILED FILES - EVEN IF IT IS FROM SOMEONE
>> YOU KNOW!!!!
>>
>> If you think your computer may be infected, there is a small
>> program available to scan and clean your system (Windows):
>> http://download.nai.com/products/mca...rt/stinger.exe
>>
>> --Tina
>>
>> --
>> http://www.AffordableHOST.com
>> 20% Discount Code: newsgroup
>> Serving the web since 1997
>>
>> "Plato" <|@|.|> wrote in message
>> news:3f467296$0$15392$(E-Mail Removed)...
>>
>>> http://www.updatexp.com/sobig-attack.html
>>>
>>>
>>>
>>>
>>> --
>>> http://www.bootdisk.com/




--
B-)
Life is pain.....
Deal with it!!


 
Reply With Quote
 
 
 
 
Kraftee
Guest
Posts: n/a
 
      08-22-2003
Will Denny wrote:
> No offence meant, Kraftee. It's a shame that the way that NTL have
> shown to get rid of MSBlaster is wrong. They haven't mentioned
> RPC, which is one of the main problems.
>


Now that's something I can agree with you on.

The good thing about NTL's handling of the whole affair though is the
way that they at least have tried to warn their users, indeed they
have given one of their self promotion channels over to the matter
virtually 24 hours a days, this week (well I'm having trouble sleeping
& tried to bore myself to sleep, it failed, think I'll try QVC or
Ideal home next time)... That in itself is far more than some other
ISP's have done, so at least they have tried/are trying (very
trying)...

)

> Will
>
> "Kraftee" <(E-Mail Removed)> wrote in message
> news:Iqv1b.2038$(E-Mail Removed)...
>> Will Denny wrote:
>>> Oh cr*p, are you here as well Kraftee <VBG>
>>>
>>> Will

>>
>> Hello (very) little boy *eg*
>> --
>> B-)
>> Life is pain.....
>> Deal with it!!
>>
>>

>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003




--
B-)
Life is pain.....
Deal with it!!


 
Reply With Quote
 
Slinky
Guest
Posts: n/a
 
      08-22-2003
ROTFLMAO...

"Tina - AffordableHOST.com" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> DO NOT OPEN ANY UNKNOWN EMAILED FILES - EVEN IF IT IS FROM SOMEONE YOU
> KNOW!!!!
>
> If you think your computer may be infected, there is a small program
> available to scan and clean your system (Windows):
> http://download.nai.com/products/mca...rt/stinger.exe
>
> --Tina
>
> --
> http://www.AffordableHOST.com
> 20% Discount Code: newsgroup
> Serving the web since 1997
>
> "Plato" <|@|.|> wrote in message
> news:3f467296$0$15392$(E-Mail Removed)...
>
> > http://www.updatexp.com/sobig-attack.html
> >
> >
> >
> >
> > --
> > http://www.bootdisk.com/

>
>



 
Reply With Quote
 
PCyr
Guest
Posts: n/a
 
      08-22-2003
I agree that everything is a suspect, but it doesn't mean you can't EVER
open attachments, as she says.
--
Check out http://www.kellys-korner-xp.com for amazing tweaks and fixes

Member of "Newsgroups are for everyone" (Perdita X. Twitt is a
self-appointed, self-righteous, ruthless, bitchy net-cop too!)

Email address is fake to prevent SPAM.
Real email address is pcyr2000 AT hotmail DOT com
Change the obvious to the obvious.
------------------
"Kraftee" <(E-Mail Removed)> wrote in message
news:uQv1b.2053$(E-Mail Removed)...
> PCyr wrote:
> > Oh please. Don't give that advice. If you follow the three rules
> > to computer security, it's almost always fine to open attachments
> > from people you know.

>
>
> Except when they get infected. Yes it can happen to the people you
> know as well as all those out 'there'. Yes it has happened to an
> associate of mine, who claimed he was PC savvy. I also know of
> software specialists who run completely open unprotected public BBS's
> as it's to much like hard work to secure them & then they wonder why
> they get trashed...
>
> Sorry it's a case of everything is supsect as for the rest of your
> post I can generally agree with you especially about the updates..
>
> >
> > 1) The most important thing: Anti-virus. Norton is great, and I've
> > heard many good things about AVG. McAfee, or McCrappy, is a piece
> > of garbage. It may work fine with some users, but it doesn't
> > provide the security most people need. I've heard way way way to
> > many problems with it. 2) Firewall. Use the one with XP, or
> > download/buy a different one, but make sure you have at least a
> > basic one. 3) The last, but DEFINITELY not least: Updates. Keep
> > you computer *and* virus definitions up to date.
> >
> >
> > Email address is fake to prevent SPAM.
> > Real email address is pcyr2000 AT hotmail DOT com
> > Change the obvious to the obvious.
> > ------------------
> > "Tina - AffordableHOST.com" <(E-Mail Removed)> wrote in
> > message news:(E-Mail Removed)...
> >> DO NOT OPEN ANY UNKNOWN EMAILED FILES - EVEN IF IT IS FROM SOMEONE
> >> YOU KNOW!!!!
> >>
> >> If you think your computer may be infected, there is a small
> >> program available to scan and clean your system (Windows):
> >> http://download.nai.com/products/mca...rt/stinger.exe
> >>
> >> --Tina
> >>
> >> --
> >> http://www.AffordableHOST.com
> >> 20% Discount Code: newsgroup
> >> Serving the web since 1997
> >>
> >> "Plato" <|@|.|> wrote in message
> >> news:3f467296$0$15392$(E-Mail Removed)...
> >>
> >>> http://www.updatexp.com/sobig-attack.html
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> http://www.bootdisk.com/

>
>
>
> --
> B-)
> Life is pain.....
> Deal with it!!
>
>



 
Reply With Quote
 
Will Denny
Guest
Posts: n/a
 
      08-22-2003

"Kraftee" <(E-Mail Removed)> wrote in message news:8Wv1b.2058$(E-Mail Removed)...
> Will Denny wrote:
> > No offence meant, Kraftee. It's a shame that the way that NTL have
> > shown to get rid of MSBlaster is wrong. They haven't mentioned
> > RPC, which is one of the main problems.
> >

>
> Now that's something I can agree with you on.
>
> The good thing about NTL's handling of the whole affair though is the
> way that they at least have tried to warn their users, indeed they
> have given one of their self promotion channels over to the matter
> virtually 24 hours a days, this week (well I'm having trouble sleeping
> & tried to bore myself to sleep, it failed, think I'll try QVC or
> Ideal home next time)... That in itself is far more than some other
> ISP's have done, so at least they have tried/are trying (very
> trying)...
>
> )


I agree with the channel devoted to... but they aren't solving the problem with their own 'solution'. I've tried to contact them to point out their mistake, but can't get hold of them... It's a shame that they haven't got any staff that really knows how XP works - never mind, we'll survive.

Will



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003
 
Reply With Quote
 
kurttrail
Guest
Posts: n/a
 
      08-22-2003
Kraftee wrote:

> PCyr wrote:
>> Oh please. Don't give that advice. If you follow the three rules
>> to computer security, it's almost always fine to open attachments
>> from people you know.

>
>
> Except when they get infected. Yes it can happen to the people you
> know as well as all those out 'there'. Yes it has happened to an
> associate of mine, who claimed he was PC savvy. I also know of
> software specialists who run completely open unprotected public BBS's
> as it's to much like hard work to secure them & then they wonder why
> they get trashed...
>
> Sorry it's a case of everything is supsect as for the rest of your
> post I can generally agree with you especially about the updates..
>


WinUpdates aren't all that *critical*, if you have a good firewall,
updated AV, and use your common sense.

WinUpdates are like playing Russian Roulette, eventually someone pulls
the trigger, and finds that the chamber ain't empty. Just look at all
the people that have been scared into doing all of MS's Updates in the
last week that are having problems. In a way, this scare into doing
WinUpdates has been a kinda worm all on it's own.

1.) Firewall between your computer/network and your internet
connection. And having a software firewall on your computer, in
addition, is even better!

2.) Keep your AV up-to-date!

3.) Use your common sense! Stay away from high risk
activities, like file-sharing, porn sites, not opening up email
attachments from friends and family, unless you're expecting them in
advance, reading before you click on any pop-up, . . . . the list goes
on & on.

3a.) Do WinUpdates on a regular basis, but not en masse. I'd get used
to developing a relationship WinUpdate and reading a group like this, so
that you can hear about any problems that can & have happened with MS
updates, before you install them, and you'll know what update actually
screwed up, when it happens to you.

I didn't make doing WinUpdates a number of it's own, because it really
is only a part of using your common sense too.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.kurttrail.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"


 
Reply With Quote
 
slumpy
Guest
Posts: n/a
 
      08-22-2003
"So, Mr Slumpy you *really* are the perpetual comedian, aren't you ?" I
threw back my head and roared with laughter as PCyr continued:

> I agree that everything is a suspect, but it doesn't mean you can't
> EVER open attachments, as she says.


Doesn't take much to save and scan tho. Seems there are too many ignorami
out there all claiming to be 'savvy'.
--
slumpy
no more
no less
just slumpy


 
Reply With Quote
 
Kraftee
Guest
Posts: n/a
 
      08-22-2003
kurttrail wrote:
> Kraftee wrote:
>


> WinUpdates aren't all that *critical*, if you have a good firewall,
> updated AV, and use your common sense.



& in there lies the problem, the great majority of the unwashed public
who use computers have little if any common sense about them. As long
as it turns on & does what they want at that specific moment they
don't care if it's infected or not, they don't care if it sends out
viri infected mails, they don't care of it's got a trojan onboard,
they don't care if it's used remotely for any dubious purposes, as
long as it does what they want (download music, play the latest games,
even just browse the net) when they want they are happy.

For instance one of my work colleagues was warned last week about
MSBlaster, he was running XP but didn't do anything, yes he was
infected. Another colleagues of mine spent some time sorting it all
out.

Within 24 hours the PC owner was unhappy with the way it was running,
wouldn't put his finger on what it was though, & so has 'rolled it
back' to the beggining of last week....

Another lent me a Disk & when I read it with one of my machines the AV
went balistic, when I spoke to them they said that of course they
didn't have any viruses on their mahine, it was protected but on being
pressured they then admited it was a freeby of a magazine which was
over 18 months old & had never ever been updated.

I can see very little common sense with any of the above & I'm afraid
that their attitude is more common than sense is.

How often do you meet up with virgin installs of Windows 98 (not SE),
never been patched, never been updated & then the owners report
problems with USB equipment? Well I do I'm afraid (& they aren't
rare) & when you start to talk to them about updating/patching they
don't appear to be able to grasp the reason behind it. I spent ove 2
hours at one user's this week where once again they had problems with
a USB modem, it's only after had jumped through all the hopes I could
think off that I was told that they hadn't installed the drivers as
they kept getting an error...

Most of the people who post on here are either trying to learn or
trying to help (I did say most not all) but we are in the minority &
you must remember that.

>
>
> 1.) Firewall between your computer/network and your internet
> connection. And having a software firewall on your computer, in
> addition, is even better!


Only if confiigured properly though. Since putting in my hardware
security firewall I see very few probes on any machines, the only ones
I am seeing at the moment have very little to do with port 139 &
everything to do with 4662 (emule) & yes I can configure it block
specific outgoing traffic as well...
>
> 2.) Keep your AV up-to-date!


Of course, but that means the user is bothered...
>
> 3.) Use your common sense! Stay away from high risk
> activities, like file-sharing, porn sites, not opening up email
> attachments from friends and family, unless you're expecting them in
> advance, reading before you click on any pop-up, . . . . the list
> goes on & on.


Actuallly if you do use your sense most of the above are reasonably
safe, but you've got to think about what you are doing & think about
your online safety at all times...

> 3a.) Do WinUpdates on a regular basis, but not en masse.


I do agree that it is not wise to mass download all updates & patches
& that you should do them one by one, when they are released (well
after a time so that others can report any problems they find first),
excpet of course if you are doind a fresh install, but then you
download the ones you know are ok. I must admit though I have
personally had very little trouble with any of them ( but maybe I'm
lucky).

Anyway I've rambled enough & the Tamazipan have kicked in.

Good night to you all, be safe, be careful I've got a feeling it will
get worse before it gets better..

--
B-)
Life is pain.....
Deal with it!!


 
Reply With Quote
 
Kraftee
Guest
Posts: n/a
 
      08-22-2003
Will Denny wrote:
> Hey Kraftee
>
> Good posting, although I would to disagree with you on your comment
> about 'the unwashed'. You have to remember that a lot of XP users
> are 'upgraders', some from Win 95, and have to take XP very
> carefully.


That used to be true, but not anymore as XP Home appears to be the OS
of choice with all new machines now so the uninitiated are thrown in
the deep end as soon as they buy a PC...
>
> You couldn't/didn't help your colleague at work - no wonder the
> 'nasty' has spread so rapidly. 'virgin' install, not a 'clean'
> install - I know that you will tell me the difference.


Same difference, installs which have never even seen the Update page,
any update page in fact (AV or Firewall either)
>
> In reference to your last paragraph - are you learning or helping?


If any of us are honest it's got to be both as no one knows everything
& anybody who thinks they do knows nothing, hopefully the day I stop
will be the day I'm dead...

Anyway I was going to bed 45 minutes ago, but I've been enjoying this
to much to leave.

Wonder if anybody has noticed any degrading of the network for the
last few hours (due to Sobig) I know I haven't but then again I
haven't really looked as my favourite site has dissapeared over the
last few days anyway...

I've said it before nite nite, the nurse will have a go at me tomorrow
if she finds out :-S
--
B-)
Life is pain.....
Deal with it!!


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Antigen found VIRUS= I-Worm.Sobig.f (Kaspersky,CA(InoculateIT)) worm ANTIGEN_ML-MAIL Ruby 0 09-09-2003 07:11 PM
Re: SOBIG-F SECOND WAVE ATTACK - M$ Windows William Poaster Computer Support 24 08-24-2003 05:27 PM
Sobig worm - Second Wave Plato Computer Information 23 08-24-2003 03:14 PM
New Sobig variation on the loose W32/Sobig.F-mm Lord Shaolin Computer Security 7 08-21-2003 11:04 PM
[Alert] SoBig Worm Spreading Online Boomer Computer Support 0 08-20-2003 06:30 AM



Advertisments