× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. August 2003

Desperately Seeking SOBIG.F ( FW: Thank you!)

Yeah, I know... My point was that I was getting *several* sobig.f e-mails from 
folks on the list, so it seemed logical
that the list had been compromised.  Since you and I have very little 
interaction outside the list, it seemed reasonable
that someone on the list had been affected.

I sent a copy of the email with your address because I felt confident you would 
understand the reasoning.  I have gotten
emails from Mark Phippard, several from midrange.com, and David Morris.  
(Several others as well, which I recognized as
folks who are members of the list whose names escape me).  SOBIG.F will grab 
address from your address book and use them
to perpetuate itself. 

It would be statistically very unlikely to get a SOBIG.F e-mail from a list 
member as a random occurance (no one on the
list infected).  It is highly improbable to get three without some other 
relationship, i.e. list membership.  Assuming
the chance of a getting an email from a list member not through the mail list 
is a random event (1 in whatever the total
population of the Internet that in infected) to get three randomly from the 
same "logical source" is way beyond the
expected distribution (better than 8 sigma).    

My email was worded specifically not to point blame but to raise awareness.  
Actually, I assumed you were *not*
infected.  Given that, the most logical reasoning was that someone else who has 
both your email address and mine in
their address book *is* infected.  The only place where that condition could be 
met was on this mail list.
Particularly, my work email address.  Since I didn't get any SOBIG.F at my home 
address, I could narrow the field to
professional contacts only (that and it came to my professional address).  

No worries, mate... this one was bad and the sooner we detect it, the sooner we 
can kill it....

thanks

dan
 

-----Original Message-----
From: Joe Pluta [mailto:joepluta@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, August 20, 2003 7:09 PM
To: 'Web Enabling the AS400 / iSeries'
Subject: RE: [WEB400] FW: Thank you!


> From: Eyers, Daniel
> 
> Someone one on this list may be affected by the SOBIG.F virus...  I'm
> getting emails like the one below with folks
> addresses from this list.

Actually, the problem with this type of virus is that you really can't
tell just from the email who the sender is.  In fact, it's very likely
that the sender is NOT the domina name in the message; it's been
spoofed.  If you check the message headers you'll be able to see the IP
address of the sender.  I assure you it's not me <smile>.

Joe


_______________________________________________
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.