Date: 11/28/2005, 11/30/2005

To: Emerald Hills Subscribers

Subject: Junk Email Problem

Some of our Emerald Hills Community have complained of getting junk mail (SPAM) that started on our about 11/23/2005. There was a suggestion that the junk mail is (or was) being sent to our members using the E-mail listserv. Be assured that this is not the case. The problem stems from a one or more PCs that were initially infected with a virus known as "I-Worm/Sober.CF". This virus uses the infected PC to send out junk mail to all the ids in that PC's address book further spreading the virus. The "From:" address of the junk mail will be 'faked' based on combinations of addresses found in the address book, thus hiding the true "From:" identity. Some of the mail even appears to come from and warns you that your IP address has been logged on illegal websites; neat, but obviously not true.

Offending junk mail may also contain the a Sober virus as an attached '.zip' file. The mail seems to have subjects similar to "Your Password", "Mail_delivery_failed", "Registration Confirmation", "Paris Hilton & Nicole Richie ", and "Your IP was logged". Opening the email will not harm your system, however opening the attached '.zip' file will. Never open attachments from an unknown sender. This is a good time to be sure your anti-virus software is up-to-date and that the email scanner is turned on. Also, I suggest you simply delete any email that has subjects like those I've listed and come from sources that you do not expect email to come from. If you're familure with mail filtering and your ISP allows you to add email context filters you can a filter to discard notes where each of the filenames listed below are found in the message body.

If you think you've already been 'done in' by the Sober virus, you should go to the link below to download (Windows only) and run the Sober removal tool. I suggest that you run this tool NOW then update your anti-virus software and run your updated anti-virus to completion. In any event, it will not hurt to this tool . It's a removal tool and will not protect you from future infection.

Some tips I suggest to maintain a virus clean PC.
  1. Use a firewall to connect to the internet. Windows XP has this built-in. Always use it! If you connect via DSL or Cable modem I suggest using a router between your connection and your PC. The router has (most all do) a built-in firewall. Note that a firewall protects your PC from outside use and not protect from an 'emailed' virus such as in this case.
  2. Be sure you have up-to-date antivirus software. I recommend AVG.. and it's 100% free for personal use. You can get it at Be CERTAIN that the email scanner part of the antivirus is properly enabled.
  3. Turn off your email program's preview mode. In preview mode, the email is automatically opened allowing transmission of a virus without further action taken on your part. For Outlook Express this is found under the "View-Layout" settings. Uncheck the "Show preview" box.
  4. Check the contents of suspicious email before opening it. For Outlook Express, you right click on the email in the list (INBOX, etc.), select Properties, then select the Details tab, then the Message source button. You can then see the mail contents exposing your PC to damage. This seems link a pain, but you do this only for those cases where you are not certain of the email safety. And it can save you lots of problems later.
  5. Delete from your INBOX any email you suspect is unsafe or simply do not expect to have gotten. Go to your DELETE folder and delete those you just deleted from your INBOX. Thus a double delete.
  6. Clean up your DELETE folder every so often like once a week to remove old emails. Do not use the DELETE folder to save mail. Create a new folder called SAVED MAIL to save email in. Ideally, you should be able to delete all mail from the DELETE folder at any time without fear something may be lost.

I hope that this explains the issue as well as provides some help in preventing future problems.


Jack Cameron
EHHOA Webmaster