Some of our Emerald Hills Community members have
complained of getting junk mail (SPAM) that
started on or about 11/23/2005. There was
a suggestion that the junk mail is (or was)
being sent to our members using the E-mail listserv. Be assured that this is not the case. The
problem stems from one or more PCs that
were initially infected with a virus known
as "I-Worm/Sober.CF". This virus
uses the infected PC to send out junk mail
to all the ids in that PC's address book,
further spreading the virus. The "From:"
address of the junk mail will be 'faked'
based on combinations of addresses found
in the address book, thus hiding the true
"From:" identity. Some of the mail even appears to come from
mail@fbi.gov and warns you that your IP address
has been logged on illegal websites; neat,
but obviously not true.
Offending junk mail may also contain the
Sober virus as an attached '.zip' file.
The mail seems to have subjects similar to
"Your Password", "Mail_delivery_failed",
"Registration Confirmation", "Paris
Hilton & Nicole Richie", and "Your
IP was logged". Opening the email will
not harm your system; however, opening the
attached '.zip' file will. Never open attachments
from an unknown sender. This is a good time
to be sure your anti-virus software is up-to-date
and that the email scanner is turned on.
Also, I suggest you simply delete any email
that has subjects like those I've listed
and come from sources that you do not expect
email to come from. If you're familiar with
mail filtering and your ISP allows you to
add email content filters, you can add a filter
to discard notes where any of the filenames
listed below is found in the message body.
downloadm.zip
list.zip
mail.zip
mail_body.zip
mailtext.zip
question_list.zip
reg_pass-data.zip
reg_pass.zip
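One way to apply the filter described above, as an added example that is not part of the original notice. It goes a step further than a plain body search by comparing the declared attachment names, so a note that only mentions one of the filenames is kept. The names classify and make_sample, the three verdict labels and the example.com addresses are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment names and subjects exactly as listed in this notice.
SOBER_FILENAMES = {
    "downloadm.zip", "list.zip", "mail.zip", "mail_body.zip", "mailtext.zip",
    "question_list.zip", "reg_pass-data.zip", "reg_pass.zip",
}
SOBER_SUBJECTS = (
    "your password", "mail_delivery_failed", "registration confirmation",
    "paris hilton & nicole richie", "your ip was logged",
)

def classify(raw: bytes) -> str:
    """Return 'discard', 'review' or 'keep' for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Match declared attachment names rather than any text in the body, so a
    # note that only mentions "list.zip" in a sentence is not thrown away.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in SOBER_FILENAMES:
            return "discard"
    # A listed subject alone is only a hint: the notice says to delete such
    # mail when the source is also unexpected, so leave that call to a person.
    subject = str(msg["Subject"] or "").lower()
    if any(s in subject for s in SOBER_SUBJECTS):
        return "review"
    return "keep"

def make_sample(subject: str, body: str, attachment: str = "") -> bytes:
    """Build a constructed test message (not captured Sober mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"      # constructed address
    m["To"] = "member@example.com"        # constructed address
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    print(classify(make_sample("Your Password", "see attachment", "reg_pass.zip")))
    print(classify(make_sample("Your IP was logged", "no attachment here")))
    print(classify(make_sample("HOA news", "The notice mentions list.zip")))
```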
If you think you've already been 'done in'
by the Sober virus, you should go to the
link below to download (Windows only) and
run the Sober removal tool. I suggest that
you run this tool NOW then update your anti-virus
software and run your updated anti-virus
to completion. In any event, it will not
hurt to run this tool. It's a removal tool and
will not protect you from future infection.
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.removal.tool.html
Some tips I suggest to maintain a virus-clean
PC.
- Use a firewall to connect to the internet.
Windows XP has this built-in. Always use
it! If you connect via DSL or Cable modem
I suggest using a router between your connection
and your PC. Most routers have
a built-in firewall. Note that a firewall
protects your PC from outside use and does not
protect against an 'emailed' virus such as in
this case.
- Be sure you have up-to-date antivirus software.
I recommend AVG, and it's 100% free for
personal use. You can get it at http://free.grisoft.com. Be CERTAIN that the email scanner part
of the antivirus is properly enabled.
- Turn off your email program's preview mode.
In preview mode, the email is automatically
opened allowing transmission of a virus without
further action taken on your part. For Outlook
Express this is found under the "View-Layout"
settings. Uncheck the "Show preview"
box.
- Check the contents of suspicious email before
opening it. For Outlook Express, you right
click on the email in the list (INBOX, etc.),
select Properties, then select the Details
tab, then the Message source button. You
can then see the mail contents without exposing your
PC to damage. This seems like a pain, but
you do this only for those cases where you
are not certain of the email safety. And
it can save you lots of problems later.
- Delete from your INBOX any email you suspect
is unsafe or simply do not expect to have
gotten. Go to your DELETE folder and delete
those you just deleted from your INBOX. Thus
a double delete.
- Clean up your DELETE folder every so often,
such as once a week, to remove old emails. Do
not use the DELETE folder to save mail. Create
a new folder called SAVED MAIL to save email
in. Ideally, you should be able to delete
all mail from the DELETE folder at any time
without fear something may be lost.
I hope that this explains the issue as well
as provides some help in preventing future
problems.
Regards,
Jack Cameron
EHHOA Webmaster