We are experiencing hundreds of incoming messages addressed to the
StormwaterPro discussion group that have been generated by at least
one computer infection of the Sobig.F worm. This is the only one of
our discussion groups that is having this happen, so we are thinking
that there is at least one StormwaterPro subscriber whose computer
is infected with the Sobig.F worm.
We aren't upset by this situation, but we would like to help whoever
has the infected computer identify the problem and remove the worm
from his or her system.
Since this is a moderated group that does not accept file
attachments, we have not had any real problems with this, beyond the
process of deleting each copy of the message, so that it doesn't get
out to everyone in the group.
Since the messages are coming into the server around the clock, the
computer that has the infection is likely to be one that is
connected to the Internet full time, most likely through a network
or other broadband connection. If you connect to the Internet with
a phone modem, or you turn off your computer when you are not using
it, your computer is highly unlikely to be involved. With the high
number of e-mail addresses that are showing up with the messages, we
think that the computer is one used at or for work...many addresses
are associated with corporate or government domains. We cannot
identify whether this is an Internet-connected stand-alone system,
or whether it is connected to a network.
If your computer is infected, and you have some way of watching the
lights on your broadband modem or network monitor, you might be
seeing a lot more activity than usual. You might also have a
perception that the Internet has been rather slow for the past
several days.
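As an added example (not part of Norman's message, and not anything his list software does), here is a small Python script a list moderator could run over the rejected messages to find the host that is injecting them. It assumes the moderator has saved the raw messages, reads the hop closest to the sender from the last Received: header, and groups the messages by that IP address, noting the hours of the day seen (a single host posting around the clock) and the number of distinct forged From: addresses. All hostnames, addresses and timestamps in the sample are constructed placeholders.

```python
import email
import re
from collections import defaultdict
from typing import Dict, List, Optional

from email.utils import parsedate_to_datetime

# Matches the bracketed IPv4 address most MTAs record in a Received: header.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: header blocks of five messages the list server held
# for moderation. Hosts, addresses and times are placeholders, not real data.
# The LAST Received: line in each block is the earliest hop, i.e. the host
# that actually handed the message to the mail system.
SAMPLE_MESSAGES: List[str] = [
    "Received: from lists.example.org (lists.example.org [192.0.2.10])\n"
    "Received: from unknown (HELO workstation) [203.0.113.7]\n"
    "Date: Fri, 22 Aug 2003 03:14:00 +0000\n"
    "From: alice@corp.example.com\n\n",
    "Received: from lists.example.org (lists.example.org [192.0.2.10])\n"
    "Received: from unknown (HELO workstation) [203.0.113.7]\n"
    "Date: Fri, 22 Aug 2003 11:02:00 +0000\n"
    "From: bob@agency.example.gov\n\n",
    "Received: from lists.example.org (lists.example.org [192.0.2.10])\n"
    "Received: from unknown (HELO workstation) [203.0.113.7]\n"
    "Date: Fri, 22 Aug 2003 17:45:00 +0000\n"
    "From: carol@corp.example.com\n\n",
    "Received: from lists.example.org (lists.example.org [192.0.2.10])\n"
    "Received: from unknown (HELO workstation) [203.0.113.7]\n"
    "Date: Fri, 22 Aug 2003 23:30:00 +0000\n"
    "From: dave@example.net\n\n",
    # One legitimate-looking post from a different host, for contrast.
    "Received: from lists.example.org (lists.example.org [192.0.2.10])\n"
    "Received: from mail.example.net (mail.example.net [198.51.100.20])\n"
    "Date: Fri, 22 Aug 2003 09:05:00 +0000\n"
    "From: erin@example.net\n\n",
]


def originating_ip(raw: str) -> Optional[str]:
    """Return the IP from the earliest Received: hop, or None if absent."""
    msg = email.message_from_string(raw)
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = IP_RE.search(received[-1])
    return match.group(1) if match else None


def summarize(raw_messages: List[str]) -> Dict[str, dict]:
    """Group messages by originating IP: count, hours seen, distinct senders."""
    stats: Dict[str, dict] = defaultdict(
        lambda: {"count": 0, "hours": set(), "senders": set()}
    )
    for raw in raw_messages:
        ip = originating_ip(raw)
        if ip is None:
            continue
        msg = email.message_from_string(raw)
        entry = stats[ip]
        entry["count"] += 1
        date = msg.get("Date")
        if date:
            entry["hours"].add(parsedate_to_datetime(date).hour)
        sender = msg.get("From")
        if sender:
            entry["senders"].add(sender)
    return dict(stats)


def suspected_sources(raw_messages: List[str], min_messages: int = 3) -> List[str]:
    """IPs that injected at least min_messages messages, sorted for stable output."""
    stats = summarize(raw_messages)
    return sorted(ip for ip, s in stats.items() if s["count"] >= min_messages)


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_MESSAGES).items():
        print(f"{ip}: {s['count']} messages, hours {sorted(s['hours'])}, "
              f"{len(s['senders'])} distinct From: addresses")
    print("suspected:", suspected_sources(SAMPLE_MESSAGES))
```

A host that shows up with many messages, spread across the day, each carrying a different From: address, fits the pattern the message above describes: the worm forges senders from addresses it finds on the infected machine, so the From: line identifies a victim's address book, not the sender. The Received: hop is the only header the moderator can trust, and even that only back to the first mail relay that recorded it.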
Symantec has a complete resource concerning Sobig.F, how to learn
whether your system is infected or not, and, if it is, how to rid
your computer of the worm. You can access that resource on their
web site at...
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
(If the URL is not completely highlighted, you can copy and paste it
into the address field of your web browser to connect to the page.)
Sobig.F is coded to try to contact other specific computers around
the world every Friday and Sunday for further instructions until its
September 10, 2003 expiration date. Nobody knows what those
instructions may be, or whether such contact will trigger the
download and execution of a much more damaging piece of
malware...something that might delete everything on your computer's
hard drive and/or the network it is connected to, for instance...
Unless your computer is protected with a top-tier anti-virus
program, and you have the most recent anti-virus definition database
for the application, please take the time to visit the Symantec site
to learn how to find out whether or not Sobig.F is on your computer.
You will be helping reduce the worm's impact on the
Internet through your efforts.
Thank you very much for your time and kind assistance in this matter.
Norman MacLeod
Gaelic Wolf Consulting