OT - IT'S SAD TO THINK WE HAVE THEM IN OUR GROUP

[Guest B52Drivr]

Hello All,You know, this is a hobby . . . an enjoyable one for most, but as in any sector or our world, there are some who relish in causing trouble, upsetting the apple cart and in general, causing others pain and misery.Someone, in our hobby, who frequents our forums has taken it upon himself to use my e mail to send out the latest virus, the worm SBig, whatever it is . . . Now, I know it was someone in OUR community because they made it clear, from the 'return mail, not delivered' I have recieved that it was pinpointed at the FS area.I do not use a e mail list, nor Microsoft outlook, I keep all my e mail contacts on a sheet of paper strictly so I DON'T have an list which they can use if I am hacked. So I know they didn't get it from my 'list'. I won't go into the large list of software providers I got 'return mail' from stating my e mail had a 'virus', but it was many and mostly all from the FS software providers.Now, I'm not sure what I can do about it . . . I've checked both of my systems, and have none of the 'virus's' which were on the return mail so I suggest that if anyone recieves an e mail from me, be very careful, as I rarely send out a private e mail to simmers.I have turned this over to my friends in the Intelligence Community, and although I am not sure what they can do about it, NOTHING ON THE INTERNET IS UNTRACABLE . . . NOTHING!Any providers of software who were directed by this e mailing, I am sorry for the trouble, however I have not done this . . . and will do the most to uncover the 'rat' who used my e mail address as a return addy.Best to all,Clayton T. DopkeMajor, USAF (retired)"Drac"

[brandon 0]

Taken from SARC:W32.Sobig.F@mm uses a technique known as "spoofing," by which the worm randomly selects an address it finds on an infected computer. The worm uses this address as the "From" address when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to another individual.For example, Linda Anderson is using a computer infected with W32.Sobig.F@mm. Linda is neither using an antivirus program nor has the current virus definitions. When W32.Sobig.F@mm performs its email routine, it finds the email address of Harold Logan. The worm inserts Harold's email address into the "From" portion of an infected message, which it then sends to Janet Bishop. Then, Janet contacts Harold and complains that he sent her an infected message; however, when Harold scans his computer, Norton AntiVirus does not find anything, because his computer is not infected.

[JimmiG 244]

Note that the Sobig.F virus steals email addresses, not only from the Windows Address book but also from the Temporary Internet Files and possibly other places. This means that it's very likely that your computer, or another infected computer, picked up your email address from the AVSim forum or another forum you frequent. Don't be so certain someone intentionally used your email address to send viruses."Sobig.F arrives via email with a subject line that typically says "Re: details," "details," "your details," "thank you," or "resume." The sender is disguised as someone that may be familiar to the recipient, such as the name of a company or person.If the attachment containing the virus is opened, Sobig steals email addresses from several different locations on your computer, including the Windows address book and Internet cache, then sends copies of itself out to those addresses. The virus, which sends multiple emails concurrently, selects addresses randomly for use as the sender, attempting to fool recipients into thinking the email is from a company or other legitimate source.The attachments' names may include your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document.Fall.pif, application.pif, and document.9446.pif.Because of its mass-mailing capabilities, Sobig can eat up bandwidth and slow a company's network performance."http://vil.nai.com/vil/stinger/

[Guest Rich]

Clayton, Apart from the info others have kindly provided - It is quite likely that there is not a lot your friends in the intelligence community can do here. Just cos some idiot didn't use anti-virus software and common sense doesn't mean they can be arrested. Pity really.

[Guest bjjones]

I'm getting sick and tired of these :-mad, over the last 24 hours I've had over 700 as you can see below, and most of them say they are from flightsim sites, luckily my junk mail filter has got all of them and i've not actually received any (well worth

[Azapata87 173]

hi,Ive gotten emails sayiny my email wasent delivered because it had a virus, problem is I didint send anything and I dont have the virus :-( and people I know need to stop getting viruses and learn common sense (DONT OPEN ATTACHMENTS WITHOUT SCANNING THEM!!!) since the virus they have is sending emails from their computer and putting my email as the return address saying I sent the virus. AndrewPS.A copy of one of the emails I got. Fortunately my computer doesent have the virus and didint send any of those emails. :-)-------------------------------------------------------------------Our virus detector has just been triggered by a message you sent:- To: fleetpainting@bluestarva.co.uk Subject: Your details Date: Tue Aug 19 19:50:40 2003One or more of the attachments (movie0045.pif) are onthe list of unacceptable attachments for this site and will not havebeen delivered.Consider renaming the files or putting them into a "zip" file to avoidthis constraint.The virus detector said this about the message:Report: Shortcuts to MS-Dos programs are very dangerous in email (movie0045.pif)-- MailScannerEmail virus Scannerwww.mailscanner.infoMailscanner thanks transtec Computers for their support

[Guest kyle]

Stop looking to blame some one in this community. It has been all over the news and a little bit of research will clearly tell you what is happening. Even AvSim posted a briefing about the latest virus' on their main page. It is sad that you did not take some time and research the problem you are having instead of coming here and looking to "uncover the rat".It does not matter if you keep your email addresses on a piece of paper either. As soon as you use an email program to send someone anything, that email is in your computer. However, that is not the problem here. If someone ever emailed you, and they got the virus, the virus will place you along with anyone else that person emailed as the sender.Read carefully the below info from Symantec.com... You will see in just this little bit of info that all of the above complaints are explained. The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code.Email routine detailsThe email message has the following characteristics:From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may also use the address admin@internet.com as the sender.NOTES: The spoofed addresses and the Send To addresses are both taken from the files found on the computer. Also, the worm may use the settings of the infected computer's settings to check for an SMTP server to contact. The choice of the internet.com domain appears to be arbitrary and does not have any connection to the actual domain or its parent company.Subject: Re: Details Re: Approved Re: Re: My details Re: Thank you! Re: That movie Re: Wicked screensaver Re: Your application Thank you! Your detailsBody: See the attached file for details Please see the attached file for details.Attachment: your_document.pif document_all.pif thank_you.pif your_details.pif details.pif document_9446.pif application.pif wicked_scr.scr movie0045.pifNOTES: The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003. The aforementioned deactivation date applies only to the mass-mailing, network propagation, and email address collection routines. This means that a W32.Sobig.F@mm infected computer will still attempt to download updates from the respective list of master servers during the associated trigger period, even after the infection de-activation date. Previous variants of Sobig exhibited similar behavior. Outbound udp traffic was observed on August 22nd coming from systems infected with both Sobig.E and Sobig.F. However the target IP addresses were either nor responding/taken offline or contained not executable content i.e. a link to a adult site. W32.Sobig.F@mm uses a technique known as "email spoofing," by which the worm randomly selects an address it finds on an infected computer. For more information on email spoofing, see the "Technical Details" section below.

[John_Cillis 2,406]

You've already seen responses posted that discuss the behavior of this virus. As already mentioned, no one is intentionally using your email address in this virus. If anything, the "spoofing" used in today's crop of viruses is meant to generate posts like yours--they attempt to sow distrust amongst the community.These attacks are almost untraceable, unless peers and friends turn in the guilty. But that's so easy to manipulate, it's frightening. And there's more. They can be used by ignorant authorities as a means of "political" attacks. One gentleman in Britain was finally cleared of having illegal pornographic materials, but not after his life was all but destroyed. A virus not only spoofed his email address--it placed pornographic material on his computer and used his computer as a server. Right now, for lack of a better word, the intelligence community is clueless when it comes to how to trace this cr*p without hurting the innocent in the process. The SoBig virus is old fashioned. It requires someone to open an attachment to catch and spread the infection. Better to have your friends in the intelligence community spend their resources into finding someone who can get through to these idiots who open unsolicited attachments. Oldest trick in the book, and people are still falling for it.-John

[Guest B52Drivr]

Hell all again, Well, I guess I stand corrected. To be honest with you, I hadn't put two and two together, nor did I know how that particular virus worked.Call me stupid, however I have had very little time to devote to FS lately and just barely can get through my e mail. I do know, however, that I am not infected . . . (relief), and so should my post have offended anyone, I am sorry. It's rather nice now to know that perhaps it wasn't from someone in our community.Oh, and yes, I just recieved an e mail from one of my 'IC' friends, explaining to me, in detail, how that particular virus works . . .and I feel very stupid right about now.Wow, guess that means I am not perfect . . . so much for those who have called me a 'perfect a##h#le. (I'm now laughing at myself for being closely related to the village idiot).Humble apologiesClay

[BobP 56]

I was away on vacation for the last 9 days and have sent zero emails. I had over 700 emails awaiting me upon returning. Well over half were the sobig virus and a couple hundered robot responses that my emails had been rejected because of a virus. I have a couple of very old email addresses and we turn our servers off before we left. Most of the "Your email contained a virus" replys were polite and a couple very rude. Computer professionals who purchase and setup up these stupid auto responders should turn them off. Unless they can trace the original email, they are simply adding to the spam on the internet. Way to go......BobP :)

[E 0]

>Hell all again, >>Well, I guess I stand corrected. To be honest with you, I>hadn't put two and two together, nor did I know how that>particular virus worked.>Have you ever been a DCM in SAC? Hehe

[Guest tgabriel]

It's called spoofing. Someone who has your e-mail address recorded on their computer has been infected with SoBig. You would be amazed at the number of people with no anti virus protection, no up to date patches, and no concern about either.