On Wed, 20 Aug 2003 11:34:04 -0400, Barbara Yoon <byoon@erols.com> wrote:

>
> tadperry@attbi.com 3
> caro@caro.com 5
> RussGeorgiev@aol.com 4
> newgca@aol.com 2
> cardplayercruise@aol.com 3
> luckylee@cox.net 2
>
> ...anybody else getting anything like this...?!

Do you have any of these addresses stored in your contacts (aka Windows
Address Book, WAB)?

This worm will spoof the email addresses to make YOU THINK THEY WERE MAILED
FROM YOUR FRIENDS. They were not. However it will send those people the
file FROM YOUR MACHINE.

me:
>> Jeeez.....and when I first turned on my computer today, 41 more of them
>> (fortunately however, these all without the 100KB attachments)...
>>
>> Of the nearly 200 of these things received so far, many are 'repeaters'...
>>
>> tadperry@attbi.com 3
>> caro@caro.com 5
>> RussGeorgiev@aol.com 4
>> newgca@aol.com 2
>> cardplayercruise@aol.com 3
>> luckylee@cox.net 2
>>
>> ...anybody else getting anything like this...?!

"Chip Ed Up":
> Do you have any of these addresses stored in your contacts (aka Windows
> Address Book, WAB)? This worm will spoof the email addresses to make
> YOU THINK THEY WERE MAILED FROM YOUR FRIENDS. They were
> not. However it will send those people the file FROM YOUR MACHINE.



"Ed".....only *ONE* of those listed in my 'Windows Address Book'...

me:
>>>> Of the nearly 200 of these things [virus e-mails] received so far,
>>>> many are 'repeaters'...
>>>>
>>>> tadperry@attbi.com 3
>>>> caro@caro.com 5
>>>> RussGeorgiev@aol.com 4
>>>> newgca@aol.com 2
>>>> cardplayercruise@aol.com 3
>>>> luckylee@cox.net 2

"Chip Ed Up":
>>> Do you have any of these addresses stored in your contacts (aka
>>> Windows Address Book, WAB)? This worm will spoof the email
>>> addresses to make YOU THINK THEY WERE MAILED FROM
>>> YOUR FRIENDS. They were not. However it will send those people
>>> the file FROM YOUR MACHINE.

me:
>> "Ed".....only *ONE* of those listed in my 'Windows Address Book'...

"Chip Ed Up":
> Then that tells me that the virus is harvesting emails from newsgroups,
> possibly from your own system. This is quite common.



"Ed".....but the majority of these e-mails that I've received are from e-mail
addresses that are unfamiliar to me... Might not another 'infection' mechanism
be as follows -- with three example people, "Tom," "Dick," and "Harry"
-- Tom's computer becomes infected by the virus, which goes into Tom's
'address book,' and finds Dick, and Harry (who do not know each other)
listed there, and then the virus proceeds to e-mail itself to Dick, forged to
make it appear as though it has been sent from Harry (and vice versa)...?!

"Barbara Yoon" <byoon@erols.com> wrote in message
news:bi0bm0$e3u$1@bob.news.rcn.net...

> "Ed".....but the majority of these e-mails that I've received are from
e-mail
> addresses that are unfamiliar to me... Might not another 'infection'
mechanism
> be as follows -- with three example people, "Tom," "Dick," and "Harry"
> -- Tom's computer becomes infected by the virus, which goes into Tom's
> 'address book,' and finds Dick, and Harry (who do not know each other)
> listed there, and then the virus proceeds to e-mail itself to Dick, forged
to
> make it appear as though it has been sent from Harry (and vice versa)...?!

Yes, that is precisely what this virus does.

http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

>Subject: Re: e-mail virus bombardment...
>From: Chip Ed Up anonymous@techemail.com

The particular virus that has been going around the past few days can harvest
email addresses from your computer that are stoed with any of these extensions
-
This worm propagates by mass-mailing copies of itself using its own Simple Mail
Transfer Protocol (SMTP) engine. It collects email addresses from files with
the following extensions:
DBX
HLP
MHT
WAB
HTML
TXT
which means, they can been in a database, saved webpage, address book, or even
in a text file.

Obviously, the best protection is to never open an attachment unless you
contact the person who sent it to verify what it is.

There is an excellent free virus detection program for home use available here
http://www.grisoft.com/us/us_dwnl_free.php

Our mail server has virus protection that strips all virus attachments on
incoming mail and won't send outgoing with detected viruses, plus all of our
pcs have updated virus programs on them