[Squishy] Infected Covad user?
Jeff Wishnie
jeff@wishnie.org
Thu, 21 Aug 2003 13:04:29 -0700
Folks,
I have been getting seriously mailbombed _all day_ with the Sobig.F email trojan horse. The originator seems to be:
"from r-66-167-74-49.snvacaid.covad.net ([66.167.74.49] helo=MATRIX)"
If you are a COVAD user PLEASE check your machine to see if YOU are the source.
You can run this tool from Symantec to clean your system:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.removal.tool.html
Also, please note that some of the trojan sent messages have been spoofing the sender with MY EMAIL. None of these are originating from my machine (my name must have been pulled from an address book on the infected system).
But be aware, I am _not_ sending any emails with _attachments_.
- Jeff