discuss: Re: How many LDP authors are getting hammered by the SoBIG.F virus?
Subject: Re: Poll: How many LDP authors are getting hammered by the SoBIG.F virus?
From: ####@####.####
Date: 23 Aug 2003 16:04:03 -0000
Message-Id: <OFCF5618EF.3589CECA-ON88256D8B.00582DE5@notes.seagate.com>
I use pine, so I think I am safe.
In Peace,
Saqib Ali
David Ranch <####@####.####>
08/23/2003 08:50 AM
To: ####@####.####
cc:
Subject: Poll: How many LDP authors are getting hammered by the SoBIG.F virus?
Hello Everyone,
I was trying to understand why I've been receiving ~700 virus emails a day and
after some research, I found this on ISS's site:
--
http://xforce.iss.net/xforce/alerts/id/151
This worm attempts to bypass mail scanners by including the header
"X-Mailscanner: this item found to be clean". Once activated on a system,
the worm will install itself as C:\%windir%\winppr.exe and also creates
the file c:\%windir%\winstt32.dat. A registry entry is also added so that
this executable will be run upon system restart (The key installed
in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run is
ScanX with the value "c:\winnt\winppr.exe /sinc"). The program then
proceeds to scan files on the victim's hard drive (with the exception of
the %windir% directory) for valid email addresses in files with certain
extensions (htm, html, dbx, hlp, mht, txt, wab), and propagate by sending
the same email message to those.
--
So, any user who has saved an LDP howto in HTML form on their HD and was
infected with this virus would send an email to the author. So, my question to
the community..
Is everyone else also getting hammered by this virus too?
--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware          ####@####.####     |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
______________________
http://lists.tldp.org/
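
The "X-Mailscanner" header quoted from the ISS alert above travels with the message itself, so a mail gateway can treat any scanner verdict already present at ingress as sender-supplied. The following is an added example, not part of the original thread or the ISS alert, that flags and strips such headers. The function name, the sample messages, and the assumption that the check runs before the local scanner stamps its own verdict are hypothetical.

```python
import email
from email import policy

# Header name and phrase as quoted in the ISS alert in the message above.
VERDICT_HEADER = "X-Mailscanner"
CLEAN_PHRASE = "found to be clean"

def screen_inbound(raw):
    """Return (suspicious, reasons, cleaned_raw) for one inbound message.

    Assumption: this runs at the gateway BEFORE the local scanner adds its
    own verdict, so any verdict header already present came from the sender
    and carries no trust.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    # Header lookup is case-insensitive and returns every occurrence.
    for value in msg.get_all(VERDICT_HEADER, []):
        text = " ".join(str(value).split())  # unfold, normalise whitespace
        if CLEAN_PHRASE in text.lower():
            reasons.append("sender-supplied clean verdict: %r" % text)
        else:
            reasons.append("sender-supplied scanner header: %r" % text)
    # Remove all copies so downstream filters and users never see the claim.
    del msg[VERDICT_HEADER]
    return bool(reasons), reasons, msg.as_string()

# Constructed sample input (not real traffic): mixed-case header name and a
# folded value, both of which a naive substring match on raw text can miss.
SAMPLE_FORGED = (
    "From: sender@example.com\n"
    "To: author@example.org\n"
    "Subject: Re: constructed sample\n"
    "X-MailScanner: this item found\n"
    " to be clean\n"
    "\n"
    "constructed sample body\n"
)
SAMPLE_PLAIN = (
    "From: reader@example.com\n"
    "To: author@example.org\n"
    "Subject: question about a howto\n"
    "\n"
    "constructed sample body\n"
)

if __name__ == "__main__":
    for name, raw in (("forged", SAMPLE_FORGED), ("plain", SAMPLE_PLAIN)):
        suspicious, reasons, _ = screen_inbound(raw)
        print(name, suspicious, reasons)
```

A flagged message is not proof of infection on its own; the flag is a signal to score alongside the attachment scan, while the stripping step applies unconditionally.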