I'm getting spammed from AVSim!

[Guest Vulcho]

As well as many other FS RELATED websites.All e-mails have a +/- 100KB attachment. See image. Note the senders and file sizes!http://forums.avsim.net/user_files/31965.jpgI know that AVSim is not purposely doing this, but what I do know is that someone is leaking out e-mail addresses or taking them somehow. 50% of all the e-mails I got this morning, (mind you my 6MB mailbox was full of them), are FS related. The others have the same big attachments just different senders.I'm really frustrated right now. The reason I bring it up here, well, FS Related, and have a look at the last sender. Keep in mind this is 1/3 of all the e-mails I got this morning. I just saved the ones that had something to do with Flight Sim.I don't give out my e-mail just anywhere. I have spam/fake e-mails I give out for places that are not important.Any advice?

[Guest tgabriel]

That is the SoBig virus and it is spoofing avsim addresses from other infected machines. Make sure your antivirus pattern file is up to date, scan your own system, make sure you are scanning files from online sources, and delete all suspicious e-mails.Click the link for more information:http://www.trendmicro.com/en/home/us/personal.htm

[Guest Vulcho]

Exactly the problem I'm having. Thank you so much for the info. I was not aware of the SoBig worm. I'm doing a system scan as I type.So does this mean that the AVSim server is infected?EDIT: If anyone is experiencing this and is using Norton/Symantec...http://securityresponse.symantec.com/avcen...moval.tool.html

[Guest]

No the AVSIM server is not infected What it means is that a system that is infected had the avsim e-mail address in its address book and the worm is using that to spoof (fake) the address instead of using the address of the server it is coming fromhttp://www.avsim.com/pages/robert/kirkland.jpg

[Guest Miro Majcen]

As Bob already wrote it the the virus on infected machines , worldwide, that takes random things before and after the @ mark in email address syntax and sends that to everyone in that address book. That's how you get it. Lately most of the email worm viruses behave like that and cause confusion and unnecessary traffic. You wouldn't believe how many strange combinations i got :) Make sure you keep your AV scanner updated at all times and don't open attachments you don't know and anticipate. MiroMiro MajcenSenior Managing EditorAVSIM Onlinewww.avsim.com

[Guest tgabriel]

Just to give you guys an idea of what the effect of this SoBig is:I am on of the netadmins for a large state government agency. We have a device called a virus wall installed on our network (among other barriers) that is designed to strip off offending attachments and do virus scans of all network traffic before it comes to the firewall. It is located outside the dmz and on the Internet side of our firewall. Today the traffic was so heavy that it shut down. One of our users called this morning at about 10:00 and complained that an e-mail that one of her constituents had sent had not come to her inbox. We checked the system and the virus wall was off line.We have had this technology running in various variants for over two years and have never seen it overwhelmed as it was today. Now, this is a network that gets over 300,000 e-mails a month! Yes, that is right, Three Hundred Thousand E-Mails A Month, so you can imagine what hit us this morning when our virus wall shut down.Anyway, things seem to be recovering now but the Internet itself is still slow in some areas depending on what level of the Backbone is running heavy SoBig related traffic.A note of information for all of you who read this:Have a good quality anti-virus product on your system and enable the real time scanning feature of it. Keep the pattern files UP TO DATE. Use a firewall. Do not open suspicious e-mails. I know this has all been beaten to death, but I just want to repeat these commonsense ideas one last time.

[Guest Vulcho]

Say, can I get one of these virus walls. Sounds very nice. ;)Thanks for the info.

[Guest tgabriel]

The smiley you used indicates you are not all that serious. But, just for grins, how does a base price in the low $20k range sound - that is just the software, you need a box for it - another $2 - 3K and the win2kadvsvr at about $1.7k. Then come the addons and the other junk to make it hum. Then the admin you need to run it and the other barrier software and hardware. While we are at it throw in a Pix Firewall and make sure your routers have the latest IDS on them. Oh, yeah, the Pix is backed up by a black ice server - sort of a secondary firewall. Then each client (>1000) needs to have its own version of the AV software for the last gasp barrier. The list goes on and on and on and on... :-roll :-roll :-roll :-lol :-lol :-lol

[Guest Vulcho]

Is that all? See I would imagine that it would cost a lot of money and it would be hard to maintain. Sounds like a piece of cake to me. *:-* Maybe in another life. :-lol

[Guest tgabriel]

AND, on top of it all you have to have port security on your switches so that if someone plugs an unauthorized device into your network, the port they are plugging in to disables itself.I don't know which came first, the hacker or the hackee, but as soon as Windows got into the network presence in a big way with almost all ports open by default and started shouldering UNIX aside with all of its ports closed by default, the network security business has become a big, big deal. I just got back from one our our "higher level" officers office where we had a security issue and the he and his executive assistant told me in no uncertain terms in light of what happened this evening he did not care what it costs, he wants to maintain the highest possible security. People want to know there is no way they are being spoofed, they want to know no hacker is going to compromise their web presence. They want to be assured there is impenetrable security to their data.Of course there is no way to make guarantees of anything like what they want and most folks know it too. They just want to make sure we are using the most advanced tools we can get. That is why our AV vendor has sent us 11 pattern updates this week. That is why we spend about 100 man hours a month security testing our network. That is why we have outside consultants try to crack the network both wired and wireless. We even have a company who sends their people at any random time to drive up to one of our buildings and try to crack our wireless Access Points from the outside. They can't. Know why? We have been able to stay one step ahead. So Far. And the guys at the top here spend a lot of money to make sure it stays that way.Remember, worms don't come in via e-mail attachments. If you have open ports you are a target. If you are a target, you will get hit. As I have written in these pages before, even if you don't suffer the ill effects of a virus, you might be a host passing them along and don't even know it. Especially if you don't have AV software to find out about what you have.