This post originated from an RSS feed registered with .NET Buzz
by Sascha Corti.
Original Post: Flooded by W32.Sobig.F@mm
Feed Title: Console.WriteLine("Hello World");
Feed URL: http://www.corti.com/WebLogSascha/blogxbrowsing.asmx/GetRss?
Feed Description: A technology blog with a focus on the .NET framework, the Visual Studio .NET tools and the Windows server platform with of course the normal weblog-noise on what's happening in the industry and reviews of the latest geeky gadgets.
Argh! I returned to my PC after a meeting to find I am flooded by email triggered
by the new W32.Sobig.F@mm worm.
This variant is turning infected PCs into spam SMTP relays which is spoofing the sender
email address.
Now, somewhere out there is a very busy, infected PC sending emails everywhere with
my email address as the sender. The result is that I get tons of "undeliverable" or
"mail infected and rejected" auto-responses from various domains.
As these notices are all totally different, varying from domain to domain, it's nearly
impossible to remove them with an inbox-rule.
Not much I can do about it except wait for the storm to pass...
Disinfection Tool
F-Secure provides the special tool to disinfect the Sobig.F worm. The tool and disinfection
instructions are available on their ftp site:
Previous Topic
