Hi all....

Since I have been running this site for a long time, and my email address has been available to all for many years, I am in a lot of address books. I can't get email viruses (because I am a dinosaur who still uses UNIX email on a dialup shell account ;) ) but I am the recipient of many copies of every new worm. I also get a lot of spam -- several hundred messages a day.

To cope with it, I have a two-tiered filtering system. Stuff that is almost certainly spam or viruses goes in the "bitbucket", never to be read. Suspect stuff goes in the "spam box", which I review occasionally. Other stuff goes into my main inbox.

I have seen viruses come and go but NOTHING like this blasted Sobig thing. Not only has it not tailed off in the last couple of weeks, if anything it is getting worse.

Here's what I saw when I opened my "bitbucket" just now:

Folder is 'fearn.pair.com:=bitbucket' with 8403 messages

That's in a little over 24 hours!

<rant>
It's not just the Sobigs too.. it's the reject notices and all these damned stupid annoying virus filters that keep sending me notifications that I "may have a virus". HELLO? Have the people who write these programs STILL not figured out that the viruses use RANDOM from headers? Do they really have to make things worse by sending MORE garbage to people already inundated from these things?
</rant>

I feel a bit better now. :)

c

Ixl,

Many webmasters of help sites have the same complaint. There have been several published rants from well-known computer writers, over the last couple of weeks, and even NANE is starting to see the light, although a number of the early posts to answer the complaints were rather, ummm...(I AM trying to be nice here.......;)).

The time for autobouncing virus infected email is long past. I have seen figures stating that more than half the email traffic caused by the Sobig worm was not the worm itself, but the autobounces!

I suggest that everyone contact their ISP and find out what their policy is on this matter and if they do autobounce, to please discontinue that practice. It is just as easy for them to have their AV shuffle it off to the "bitbucket" as it is to autobounce!

Besides clogging mailboxes, these autobounces cause unnecessary fear and concern amgonst normal users. I have answered several questions on this board and seen many others on the boards I regularly visit, with the author being very conerned over the warnings of email they supposedly sent. When upon investigating, they are clean and show no signs of being infected.

This just feeds the fire, and in a round about way contributes to the goals of the writers of these mass-mail worms. Most of the authors of these things glory in the mayhem and confusion their work creates. Autobouncing definitely creates more problems than it solves.

It is time to end this practice, before the next worm comes along.

I have good news from One ISP at least..
RR has stopped using auto bounce

In Fact they quit doing it before the latest worms hit the bandwidth

The last notice I received from them about an infected file attachment was during this past month
Some of you may remember the HAHAHA subject line for one of the many past virus infections

Well someone restarted and Old system to use in an attempt to get the removal tool for Blaster.
To bad they didn’t know it was infected with this old Bug

It e-mailed itself to everyone in the old system address book
RR deleted the attachment and forwarded me the message
With a virus scan / attachment removal notice across the top.

In fact it also contained a note about not wanting to return it to the sender because of spoofed address’s :)

If Road Runner can do it Anyone can

Update on the Sobig Virus.

It was in the evening news (TV) on Thursday or Friday that the police and FBI are questioning a French idiot (extremely mild expression that) about Sobig, he is reported to be 18 years old about it. Some-one reported seeing him playing about with a version of the virus BEFORE it was released. I wonder if Madame Guilotine is still used in France

Not that this will help anyone like Charles. My heart goes out to folks in thisposition. I have not been hit by either it or the previous one, though I have cleaned out 5 computers of friends who have.

It looks like some-one up there likes me as I had started to use a router with built in firewall only a few days before they were released

In Minnesota we had a local teen tagged for a variant of Blaster, so that looks like 2 of the idiots caught. Unfortunately, this kid is a small time copycat and the big fish is still free....

Thanks guys.. it's good to know that at least some of the ISPs are recognizing how they exacerbate the problem. Now if we could only get the AV companies on board....

c