
Two Worms Burrow Through Networks


rraehal
08-20-2003, 12:25 AM
The Welchia worm took out our corporate network today. The strange thing is that we were told that preventative measures had been taken to prevent this kind of attack. It appears that whatever they did to prevent the blaster worm from spreading did not work.

I did run a few scans for Sobig, but did not find any infections.

It seems that my home PCs were not affected by any of the recent worms. I think it all boils down to keeping software up to date and proper administration of networks and software.

Plaster
08-20-2003, 02:41 AM
Someone who has my address has the sobig. I've received about 30 undeliverable mail messages from all over the net saying I sent them an infected attachment. I've run NAV and I'm clean and even some of the returned mails had the attachment intact and NAV saw it and deleted it. Nothing like having your e-mail address being spoofed and sending viruses all over the world.

ConfusedAlien
08-20-2003, 04:13 PM
anyone have a link that will let me get AV definition for this?

Plaster
08-21-2003, 02:19 AM
What anti-virus software are you running? Norton has updated definitions. As a matter of fact, taking a quick glance at all the returns, just about every single AV software is listed as stopping the file from getting through. The 30 has shot up to over 200. I guess the only bright side is that it will deactivate in about 18 days. Then I'll at least stop getting spammed from servers that got fooled by the spoofed address.

mpc2
08-21-2003, 03:54 AM
Originally posted by Plaster
Someone who has my address has the sobig. I've received about 30 undeliverable mail messages from all over the net saying I sent them an infected attachment. I've run NAV and I'm clean and even some of the returned mails had the attachment intact and NAV saw it and deleted it. Nothing like having your e-mail address being spoofed and sending viruses all over the world.


I know what you mean...check out this story regarding SoBig and the journalists at MSNBC. ;)

http://www.msnbc.com/news/954687.asp?0cv=CB20

Beeblequix
08-21-2003, 11:26 AM
this Sobig2 ended up in my wife's oohaY webmail last night. She's *well-trained* by yours truly to SCAN EVERY ATTACHMENT before downloading, and because she's smart we avoided a potential problem.

I love my wife. :)



ß

dajogejr
08-21-2003, 12:38 PM
Bee..

Does she have a sister?
My better half is not so observant of my "suggestions"

:t

I've had about a 1/2 dozen users get funny email with a bunch of the infected subjects. Corporate Norton Antivirus works very well on a domain, if it is set up properly!

Anyone who doesn't live by the rule "if you don't know who it's from, or you're not expecting the email, delete it" is going to pay the price...

rraehal
08-21-2003, 05:42 PM
I agree with the NAVCE being set up correctly. We have deleted over 1000 infected messages and received thousands of messages that we sent the virus. We were not affected by sobig beyond this; as stated, we did not find any active infections.

dajogejr
08-21-2003, 06:10 PM
Yep, the AV snap in for the MMC sure is a nice tool for admins.
Don't even have to rely on the users to clean out their own quarantine...just do it yourself...
Not to mention setting it up to email you when a virus is detected!! And...from what workstation!

badabing
08-23-2003, 03:17 PM
yea - my mailbox was deluged by 75 messages 3 times a day... all with attachments containing Sobig.F or people complaining that i had sent them an infected email - what a pain in the *****.
i changed the password for the account and the deluge dried up.

i don't know if these potential worm infections come in waves and then stop or if changing the password did the trick... anyhow, it only lasted 2 days.

Plaster
08-23-2003, 06:20 PM
They basically come in waves. Changing your password won't make it go away. Changing your e-mail address on the other hand would do the trick.