Virus In Zip File

[TCH-Andy]

Whilst I don't normally post warning of viruses, I have found 3 example of this coming to me so far today. Whilst Total Choice Hosting stops many attachment types, it does not stop ZIP files. This is an unusual virus, in that it spreads in a zip file.

 

A typical email has the following format:

Subject line:

Re: Movie

or

Re: Application

 

Message text:

Please see the attached zip file for details

 

Attached file: your_details.zip

 

 

 

Unzip at your peril - it may be Sobig worm, says Sophos

Sophos's customer support service has received many reports from businesses attacked by the latest variant of the Sobig worm. W32/Sobig-E, first seen 25th June, is the fifth variant of the Sobig worm - but varies from its older siblings as it spreads itself in the form of a ZIP file.

 

Even though the user has to unZIP the offending file and launch its content to become infected, some business networks are still falling victim to the worm. Sophos advises all businesses to keep their virus protection up-to-date and educate their users about the perils of unsolicited code.

 

"Sobig-E is different from your typical worm as it spreads as a ZIP file. This means even if a company has a forward-thinking security policy of blocking executable code - the usual carrier for email worms - Sobig-E can sneak past and dupe people into running its code," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "The best defence against Sobig-E is to get into the habit of never running unsolicited code and keep your email gateway and desktop virus protection up-to-date."

 

Sobig-E is programmed to fall dormant on 14 July, indeed all the Sobig worms have had limited lifespans. If the virus writer continues with this pattern, Sophos says it would not be surprised if a sixth version of the worm were released shortly after the demise of Sobig-E.

 

Sophos issued protection against the W32/Sobig-E worm at 16:35 GMT on Wednesday, 25 June 2003.

 

Andy

[boxturt]

Thanks Andy

[TCH-JimE]

Hi,

 

I ought to point out that if you recieve any email with an attachement that your not sure about, or do not reconise the address, delete it, don't open it. Even if it says "support@microsoft.com" don't open it! Microsoft never sends out support like that.

 

Jim

[imadsurfer]

I agree totally. Never open an attachment that you don't know from whence it came. Even if the address is from somebody you know, don't open it until you have contacted them to see if they really did send it. Spoofing addresses is easily done.....

 

ImaD

[TCH-Don]

Yes, thank you Andy,

 

Symantec web site info on W32/Sobig-E

[TCH-JimE]

Hi,

 

I had mcaffee bleeping at me early this morning when I was downloading that email.

 

There are many cheap and even free virus checkers out there folks, its one of the few investiments that I would urge everyone to make sure they have, and make sure its scans email and that you keep it up to date

 

Jim

[TCH-Don]

There is nothing like the thrill of hearing a warning alarm from your anti-virus program as you are checking your email.

And you see it has quarantined your email.

It happened to me last summer, when my sister got the Klein virus. Before I blocked the email address she uses for me, I got about 50 virus emails supposedly from everyone in her address book. I leave my anti-virus program update automatically now.

[TCH-Andy]

I must agree with you Turtle, the chirp of the alarm as it sucks the virus off to be dealt with is a most satisfying sound.

 

 

Nerd Whip woooot

[Samrc]

I received a similar warning from Trend on our corporate network today.

 

It captures the offensive attachments with no sound, but my Norton at home has a lovely popup to tell me it protected me from hazard.

 

Wouldn't run a machine these days without protection.

 

Like the avatar imaD!

 

-Samantha

[TCH-Don]

Yes ImaD,

is that what a super fast machine looks like

[TCH-Sales]

I got the same darn email too yesterday. Thankfully I wasn't so tired that I didn't catch it in time, and I eleminated the problem. Good to keep everybody informed though! Thumbs Up

[imadsurfer]

The avatar is a pic I made when I tried to load WinXP Pro on my server...

 

ImaD

[TCH-Don]

LOL, I undestand. I Love it.

[greatfolios sysop]

received in the inbox today....

 

re:movie from veritas123 (didn't reccognise who it was from so I looked at properties and it had no text in the body, I knew it was trouble.... (poof, delete!)

 

missed me again!

[imadsurfer]

I like the new ones that I've been getting lately. They come as mail I've supposedly sent that is being returned......Pretty sneaky, but almost always when I send mail I know I've done it...

 

ImaD

[TCH-JimE]

Hi,

 

I have that problem too, problem is that I send so many emails a day, I have to sit and look at the address, but then it goes in the bin. If someone really needs something that I haven't sent them, they will call me!

 

Jim

[Head Guru]

I think I have gotten about 200 of these emails today.

 

Argh!

[imadsurfer]

Yeah...aren't they fun? Yuck!

 

ImaD

[ohBhoy]

I have been talking to Rick at tech support mostly all day today about this. I received the first one Friday, June 27, 2003 3:59 PM, mountain time. It freak me out for the sender or should I say the site that bounced back that e-mail was a I AM A SPAMMER site. See I am a decent person and never do that kind of thing then suddenly got an e-mail that they couldn't accept the zipped file I gave them because it has a virus?. My first thought was somebody hacked my e-mail and somebody has been using my account to spread viruses or using my account to get access to unlawful or illegal sites.

 

Oh BTW, nice tech support you got here!

[imadsurfer]

Hey ohBhoy,

It looks like this was your first post, so welcome to the Forums. It's just like a big family on here, and the support is bar-none the best in the biz. If this family doesn't already know the answer (which is rare!) they will find it somewhere and get back to you...

 

Sorry to hear about your e-mail, but it could have been worse. It could have shown being bounced back from the IRS!

 

ImaD

[ohBhoy]

Thanks for the welcome. Yeah scary was an e-mail you never sent bounced back to you! If from the IRS and I knew I sent it, it could have been better.

I am just glad my toy here never got the disease or else I will be sick too.