
Thread: SoBig.F. Please read.

  1. #1
    FLAC Skraggy_uk's Avatar
    Join Date
    May 2002
    Location
    Warrington UK
    Posts
    1,484

    SoBig.F. Please read.

    Who's been hammered by this today?
    In the last 24hrs I've received over 130 mails infected by it, plus 26 bounces containing faked addresses supposedly from me (my system and the server, and every other PC on my home network is clean, NATted, and firewalled).

    Most of the messages have incomplete headers,
    but 5 of the bounces that included the full headers included the server name MARGI, and an AT&T owned IP address.

    Address is 12.207.156.209

    Looks to be part of a Dialup/Dynamic connection pool.

    Anyone recognise that IP? If you do, check your system very carefully.
    I'm not pointing and blaming, just trying to help you sort things out, if it is you.
    4x4 in a turbo stylee.
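
Added example (not part of the original thread): reading a bounce the way the post above describes, by pulling the returned message out of the delivery report and taking the topmost `Received:` hop, which is the line written by the server that accepted the forged mail. The sample bounce is constructed; only the name MARGI and the IP come from the post, while `mx.example.net`, `me@example.org` and the function names are assumptions.

```python
import email
import re
from email import policy

# Constructed bounce; only the HELO name and the IP are taken from the post.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1
Content-Type: message/rfc822

Received: from MARGI ([12.207.156.209]) by mx.example.net; Wed, 20 Aug 2003 10:00:00 +0000
From: me@example.org

(body removed)
--b1--
"""

# "from <HELO name> (... [a.b.c.d])" as commonly written by receiving MTAs
HOP = re.compile(r"from\s+(\S+)\s+\([^)]*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_headers(bounce_text):
    """Return the bounced message (or just its headers) as a Message, else None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None  # many bounces carry no original headers at all

def submitting_host(bounce_text):
    """HELO name and IP recorded by the server that accepted the forged mail."""
    inner = returned_headers(bounce_text)
    for received in (inner.get_all("Received", []) if inner else []):
        # Headers are prepended, so the first parsable hop is the bouncing
        # server's own record; anything below it may be sender-supplied.
        m = HOP.search(str(received))
        if m and all(int(octet) < 256 for octet in m.group(2).split(".")):
            return {"helo": m.group(1), "ip": m.group(2),
                    "forged_from": str(inner["From"])}
    return None
```

The `forged_from` value is the address the worm put in the `From:` line, which is why it says nothing about which machine is infected; the IP in the hop is the lead worth passing to the owning ISP's abuse desk.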

  2. #2
    Maximum Bitrate gizmomkr's Avatar
    Join Date
    Dec 2000
    Location
    Smyrna, Ga, USA
    Posts
    778
    Well you know it's the fastest spreading computer virus to date.

    You just might get a couple of copies of it. Are you saying someone that reads this board has it - I wouldn't doubt it; what's your point?

    Yes it's a huge pain in the *** to hit delete. Sys admins across the nation have people screaming down their throats - and they have hundreds of client machines to clean, in addition to a way overworked server trying to cope with all the traffic.

    Just be glad the worm doesn't attack your file system and delete data.
    Gizmo-
    Technology on Wheels
    http://www.hjnetworks.com/car

  3. #3
    Variable Bitrate
    Join Date
    Jul 2003
    Location
    Earth
    Posts
    359
    Quote: Originally posted by gizmomkr
    Well you know it's the fastest spreading computer virus to date.

    You just might get a couple of copies of it. Are you saying someone that reads this board has it - I wouldn't doubt it; what's your point?

    Yes it's a huge pain in the *** to hit delete. Sys admins across the nation have people screaming down their throats - and they have hundreds of client machines to clean, in addition to a way overworked server trying to cope with all the traffic.

    Just be glad the worm doesn't attack your file system and delete data.

    Compare this to a network of 5000 machines being offline for 3 hours today and then consider yourself lucky...

    Sobig.F and something else... Nachi brought our network to its knees

  4. #4
    FLAC Skraggy_uk's Avatar
    Join Date
    May 2002
    Location
    Warrington UK
    Posts
    1,484
    I know it isn't a problem to hit delete. But if someone has it, and doesn't know (and it uses its own SMTP engine, so why would you, other than the internet gets a bit slow if you are using it while it bulk mails silently), wouldn't they want someone to tell them and fix it?
    4x4 in a turbo stylee.

  5. #5
    Variable Bitrate
    Join Date
    Jul 2003
    Location
    Earth
    Posts
    359
    The University network is sooooo pooooo if you sneeze it will fall.

  6. #6
    FLAC Skraggy_uk's Avatar
    Join Date
    May 2002
    Location
    Warrington UK
    Posts
    1,484
    Quote: Originally posted by gizmomkr
    Well you know it's the fastest spreading computer virus to date.

    You just might get a couple of copies of it. Are you saying someone that reads this board has it - I wouldn't doubt it; what's your point?

    Yes it's a huge pain in the *** to hit delete. Sys admins across the nation have people screaming down their throats - and they have hundreds of client machines to clean, in addition to a way overworked server trying to cope with all the traffic.

    Just be glad the worm doesn't attack your file system and delete data.

    Thing is, I'm not infected.
    But for my poor old Pentium Pro mail and web server and NAT router, even the few hundred it has handled in the last couple of hours is tough for it.

    It's all incoming, and bounce messages.
    I must have had 10 from each address now, and just like mine in the bounces, they are probably fake (the real sender that is).
    4x4 in a turbo stylee.

  7. #7
    Raw Wave hijinks21's Avatar
    Join Date
    May 2002
    Location
    Albany, NY
    Posts
    1,803
    I keep graphs of CPU performance of our mail server, and when Sobig hit there was a 700% jump in CPU usage. This is for a small company of 10 people, mind you. I'd hate to be an admin of a big network.
    '98 Explorer Sport
    http://mp3car.zcentric.com (down atm)
    AMD 800mhz 192megs RAM 60gig hard drive 9 inch widescreen VGA
    80% done

  8. #8
    FLAC mp3z24's Avatar
    Join Date
    Apr 2001
    Location
    Chicago Suburbs
    Posts
    1,282
    Perhaps this is the reason I can't get onto Hotmail today...
    It keeps claiming "Server too busy"

    ~mike
    Single Member of the "1000 Post and No MP3 Car" Club
    PROJECT ON INDEFINITE HOLD... BOUGHT A HOUSE
    2000 Cavalier Z24 [###-------] Only 30% Done ... Still

  9. #9
    FLAC chut's Avatar
    Join Date
    Jul 2003
    Location
    San Antonio, TX. USA
    Posts
    1,375
    We got pummeled by the spam that contains the "sobig" virus. It slowed down our mail server somewhat. I'm glad to say that out of 250 clients we only got three infected. I yell at our end users a lot and sometimes they listen. This time they did. Interestingly enough, the three that got infected were our gen mgr, a department supe and my desktop machine. I know I didn't click on the attachment so they must have been infected by just opening the email.

    Take Care

  10. #10
    Raw Wave hijinks21's Avatar
    Join Date
    May 2002
    Location
    Albany, NY
    Posts
    1,803
    chut, yes... that's why you never use Outlook
    '98 Explorer Sport
    http://mp3car.zcentric.com (down atm)
    AMD 800mhz 192megs RAM 60gig hard drive 9 inch widescreen VGA
    80% done
