Virus Warning

In case you don't read the news, a new virus is making its rounds on the internet.

This worm (Sobig) will search your hard drive for mail messages, extract some valid addresses from those, and send a mail to persons from your address book, faking the From header (this tells the recipient who sent the mail) with that found email address.

Furthermore, this virus contains a small SMTP relay server, so it's possible to send mail via the infected host.

To sum up, it's almost impossible to track the host / user from which the mail has been sent.

Right now, I am getting a lot of bounced messages, which indicates that someone in the Renoise community is infected by that virus and the worm uses my address as the sender.

So. PLEASE PLEASE check your system. I am getting about 20 bounced mails every day. There are several free anti-virus programs available. Just get a recent one and scan your system. This applies to Outlook / Outlook Express users.

I suspect someone from Norway to be sending a lot of those mails (analyzed the headers a bit).
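The kind of header check mentioned in the post above, as an added example that is not part of the original thread: it reads the message returned inside a bounce and compares the forged From with the IP recorded by the server that bounced it. The sample bounce, host names and addresses are constructed, and it assumes the bounce returns the full original message as a message/rfc822 part.

```python
import email
import re
from email import policy

# Constructed bounce for illustration; hosts and IPs are documentation values.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.org
To: victim@example.com
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.

--b1
Content-Type: message/rfc822

Received: from pc17 (unknown [203.0.113.45])
\tby mx.example.org with SMTP id 4A1; Fri, 22 Aug 2003 10:00:00 +0000
Received: from mail.forged.example ([198.51.100.9]) by pc17; Fri, 22 Aug 2003 09:59:00 +0000
From: victim@example.com
To: nobody@example.org
Subject: hello

constructed body
--b1--
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_bounce(raw):
    """Return (forged_from, connecting_ip) for the message returned in a bounce."""
    bounce = email.message_from_string(raw, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)
            hops = original.get_all("Received", [])
            # Received headers are prepended, so hops[0] was written by the
            # bouncing server itself. Every hop below it, like the From
            # header, was supplied by the sender and may be forged.
            match = IP_IN_BRACKETS.search(str(hops[0])) if hops else None
            return str(original["From"]), match.group(1) if match else None
    return None, None
```

If the infected machine relayed through another server instead of connecting directly, the top hop shows that relay rather than the infected host.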

Not me :) I haven’t got any, the university are filtering those viruses centrally in their mailserver now. The mail system has been slowed down so much it can take hours and hours for a mail to arrive…

I got about 40 copies of this virus per mail today, so it seems that more than one dude is infected.

And if you're too lazy to install an anti-virus program you can always scan your computer online to see if it’s infected.

McAfee

Or remove it with this tool.

I received 64 infected emails a couple of minutes ago…

98 infected Emails :blink:

Damnit, I was infected. Though I did not run any attached files, and AntiVirXP did not find the Sobig virus using definition files from yesterday.

Taktik, thanks for linking to that removal tool ;)

Conclusion: Using Eudora instead of Outlook does not save you from getting infected by email viruses :confused:


I use Dr.Web, so I’ve never seen any virus during my lifetime, except my own when I was into asm…

Strange, I haven’t got any of these mails… :)

O.K., someone correct me if I am wrong. There is a hole in Windows IE (bad programming) which allows this worm to enter. Microsoft has a patch for this. Go to “tools” on Internet Explorer then go to “Windows update”.
This will tell you what updates you need. This worm only affects Windows 2000 to XP. I am still running 98 SE so none of this affects me. If you are running ANY Windows operating system and have not updated recently do it now. If you need a good free antivirus program go to: If you know you have the virus read the previous posts to remove


Or don’t use IE or Outlook. If you use Eudora, turn off the advanced html rendering because it uses an IE component.

Mozilla is one good answer as both web- and mailclient, other good programs also exist.

I’m in Norway and use Outlook Express, but I don’t think there should be any problem here. My virus scan is up to date and I have no problems at all… Haven’t had a virus since I got the Saddam virus on my Amiga, destroying a few hundred of my OctaMED modules… :(

Sorry, that was me, I forgot to log in :P

Today I got a bounced mail from the University of Kent saying my sent mail contained Sobig. That’s pretty weird since I only use web mail and don’t have my account set up in any other app, except for Trillian which can’t send mails… Anyone have an idea what’s going on here??

That’s the way the virus mail looks. It picks addresses from the infected machine, and sets random FROM and TO addresses.

I don’t mean to freak everybody out but this was taken from Wired News. :o

"Researchers at two security firms warned that a potentially massive attack was scheduled to be launched Friday when computers infected with the Sobig.F worm would be forced to download and run a mysterious program at 19:00 UTC (3 p.m. EDT).

At 3 p.m., the virus directed a few infected computers to a pornography website but that site shortly collapsed under a flood of network traffic.

“Of the 20 servers identified to be used for the attack, 16 are down, three are not responding and one is responding and directing traffic to a porn site,” the antivirus firm Symantec said in a statement."

Rest of article here: …7,60150,00.html