[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MBSOPPRAPP02 found VIRUS= I-Worm.Sobig.f.txt (Kaspersky) virus

On Fri, Aug 29, 2003 at 03:52:09PM -0700, Maxi Stubbs wrote:
> This was mailed to me are you saying I have this virus? My virus protection say I do not. I am just concerned, I am getting returned mail of addresses I don't have in my book. Could you help me please?

If you're getting such a notice, it generally means this:
  1. Someone who has your address in his address book has this virus,
     known as Sobig.F.
  2. This virus spread to the person who sent you the notice.
     This particular virus spreads via email and always fakes the
     email headers, and in this case it used your address as the
     faked sender.
  3. The person who sent you the notice is using a broken virus
     scanner, which sends a scary warning notice to the wrong
     person, in this case you.
     (I call the scanner broken, because it managed to recognize
     the virus as Sobig.F, which is KNOWN to use a fake sender,
     so it should have known better than to mail you about it.)
Note that you're not even involved until step 3, so there's nothing
you can do about it except complain to the person in step 2.
I get dozens of such notices a day, and I've given up on complaining
about them.  Your mileage may vary.

You're asking debian-legal@lists.debian.org for help, but I doubt
this notice was mailed to you from debian-legal.  We don't use broken
virus scanners.  From the mail you quoted:

> The message is currently Purged.  The message, "Your details", was
> sent from mpstubbs@bellsouth.net and was discovered in IMC Queues\Inbound
> located at Reunion.com/REUNION/OPTIMUS.

Do you have any idea what "IMC Queues" or "Reunion.com" is?  They're
probably the ones who bothered you.  You can examine the headers of
the notice you got to see where it came from.  (Fortunately, those
are generally not faked.)

The returned mail you're getting is for the same reason: the
virus spreads (from someone else's machine) with your address
in its headers, and confused mail servers try to bounce it
"back" to you.

Richard Braakman

Reply to: