
Ethereal-dev: RE: [Ethereal-dev] Virus infestation

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Biot Olivier <Olivier.Biot@xxxxxxxxxxx>
Date: Wed, 20 Aug 2003 15:28:34 +0200

Hi all,

Our ICT support team told me that it is the WORM_SOBIG.F virus. I suppose
that this virus looks in some mail folders and/or Outlook [Express] contacts
and generates random (From, To) pairs so the REAL originator is most likely
NOT the one stated in the From field. The weird thing is that I only receive
virus-infected mails to my old (siemens.atea.be) address.

As the real sender of the virus email cannot be discovered, it doesn't make
sense to reply to the virus mails as they will reach people that didn't even
send them...

I briefly inspected the mail headers, but could not make much sense out of
them. I also expect our Exchange server strips part of them. And I deleted
all virus mails after I knew the virus variant.

Anyway, if your contact list contains "olivier.biot [at] siemens.atea.be"
(and other Ethereal developers like Joerg Mayer, Guy Harris [at] MIT (among
others)), and you use MS Outlook [Express] then I suggest doing a virus
pattern update and a system scan :)

Regards,

Olivier

-----Original Message-----
From: Gerald Combs 

On Wed, 20 Aug 2003, Biot Olivier wrote:

> Over the past 24 hours I got a bunch of virus mails of ~73 kbyte with
> originating addresses from the Ethereal mailing lists. Please consider
> upgrading to the latest virus definitions and perform a full scan :(

Did the Received: lines indicate that the messages originated from
65.208.228.223 (mail.ethereal.com)?
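
The check asked about above (do the Received: lines show the mail passing through 65.208.228.223, mail.ethereal.com), as an added Python example that is not part of the original thread. The two sample messages are constructed, every host and address other than the list server comes from reserved documentation ranges, and the function names are hypothetical.

```python
import email
import ipaddress
import re

LIST_SERVER_IP = "65.208.228.223"  # mail.ethereal.com, as given in the thread

# Constructed sample (not a real virus mail): the From: line names a list
# member, but the mail was handed straight to the recipient's MX by another PC.
DIRECT_FROM_INFECTED_PC = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby exchange.example.org with ESMTP id CONSTRUCTED1;
\tWed, 20 Aug 2003 09:12:01 +0200
Received: from HOMEPC (dialup-17.example.com [192.0.2.17])
\tby mx.example.net with SMTP id CONSTRUCTED2;
\tWed, 20 Aug 2003 09:11:58 +0200
From: ethereal-dev-member@example.org
Subject: constructed sample

body
"""

# Constructed counter-case: the same mail, but relayed by the list server.
VIA_LIST_SERVER = DIRECT_FROM_INFECTED_PC.replace(
    "dialup-17.example.com [192.0.2.17]", "mail.ethereal.com [65.208.228.223]")

_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw_message):
    """Return the sending IP recorded in each Received: line, newest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())         # unfold continuation lines
        from_part = flat.split(" by ", 1)[0]   # look only at the "from" clause
        match = _BRACKETED_IP.search(from_part)
        try:
            hops.append(str(ipaddress.ip_address(match.group(1))) if match else None)
        except ValueError:                      # e.g. [999.1.1.1]
            hops.append(None)
    return hops

def passed_through(raw_message, ip=LIST_SERVER_IP):
    """True if any Received: hop records the given IP as the sending host."""
    return ip in received_hops(raw_message)

def claimed_origin(raw_message):
    """IP in the oldest Received: line that carries one (bottom of the chain)."""
    hops = [ip for ip in received_hops(raw_message) if ip]
    return hops[-1] if hops else None
```

Only the Received: lines added by servers you operate are trustworthy; anything below the first of those was supplied by the sending side and can be forged, just like the From: field.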