August 19, 2003

I'm Finally on the Cutting Edge of an Online Computing Trend

A new strain of one of the most virulent e-mail viruses ever spread quickly worldwide Tuesday morning, causing fresh annoyance to users worn out by last week's outbreak of the Blaster worm.

The new virus, named 'Sobig.F' by computer security companies, attacks Windows users via e-mail and file-sharing networks. It also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into senders of spam e-mail.

-- Riva Richmond, "New Computer Virus Clogs E-Mail Inboxes"

Today I received no less than four of the above-described emails. And the email addresses all looked legit. Indeed, one of them came from someone (I can't believe anyone at the U of Chicago would be capable of such mischief. Okay, there may be one or two people, but then, I can't believe they would be stupid enough to use their uni accounts. So perhaps the virus had attacked a U of Chicago account and was then using that account to send out the evil spam?)

Anyway, though I don't know much, I knew enough not to follow the instructions to "Please see attached file for details." Sorry spammers, but my dance card is full: I'm still cleaning up after the Blaster Worm. By the way, I scanned the emails; they were, all four of them, infected with this Sobig virus.

I blame Ogged for this. Yesterday he put out a call for more vigilante viruses in the hope of seeing more virus battles. Ogged, can't you just watch some Cops reruns or something?

Posted by Invisible Adjunct at August 19, 2003 11:23 PM

Hey! I called for more virus battles and since we can safely assume that there will always be malign viruses, the implication was that I wanted to see more virus-combating viruses.

And I'll see your four infected emails and raise you forty-five. No doubt I'll break fifty by midnight.

Posted by: ogged at August 20, 2003 01:00 AM

Word Millenium is not working on my computer. It stopped while I was in the middle of typing my syllabus and after I updated IM. The computer shop says IM has nothing to do with it and I've tried reinstalling the program to no avail. So, today it's off to the shop. Who knows?

Posted by: Anna at August 20, 2003 01:12 AM

As an ABD student at Chicago (anthropology) and a part-time worker in the computer trenches, I can tell you this is more than a small issue at Chicago. I don't know what sort of ideas you have about the UofC, but trust me, we're more than a little susceptible to virii and (alas) don't have the faculty, students, or staff to concoct something this fiendish.

Posted by: Alex at August 20, 2003 01:25 AM

If the worst thing the U of C dumped on the world were viruses, the world would be a much happier place.

Can you say "atomic bomb"? Oh really? Then what's that statue doing outside the Reagan-stein?

Or how about those innovations in urban apartheid?

And where did all those nitwit Straussians come from?

Viruses?[1] That's the least of it. The U of C has a lot to answer for.

[1] I'm proud of all you Catholic school boys and girls, but umm, this is English, mmmkay?

Posted by: che at August 20, 2003 07:42 AM

I'm proud of all you Catholic school boys and girls, but umm, this is English, mmmkay?

Not only that, but "virii" isn't Latin. Or anything else. The Latin plural of virus is...

There is no Latin plural for virus! Trick question! Now go study your declensions and say ten Hail Marys.

Posted by: language hat at August 20, 2003 08:29 AM

Just to clarify: I'm not blaming U of Chicago for this virus (and of course I'm not really blaming Ogged, either). Among the mischievous acts that this virus performs: infecting someone's computer in such a way that the victim's own email account can be used to send out more spam. I'm assuming this accounts for my having rec'd an email from what looked like a legitimate address.

Posted by: Invisible Adjunct at August 20, 2003 08:55 AM

I deleted a whole load from a university account and a Yahoo account this morning. The Yahoo inbox had a couple of dozen, and the 'bulk mail' folder (where Yahoo puts things which are suspected spam) was at over 100 messages.

Posted by: Barry at August 20, 2003 09:07 AM

Hmmm... well, I'm at U of C and the email service has been spotty here all week - plus I've been getting all these popups while I'm dialed into the university system, which was unheard of before. So I'm guessing something is really screwed up here. Chances are it will take forever to fix too... they don't have much competent support at this place, certainly not compared to the state school where I was an undergrad...

Posted by: paul at August 20, 2003 09:22 AM

The U of C's virus problems have been notorious among the denizens for years; when I was there, the problem involved infected macros, which, if used, caused Very Bad Things to happen to your documents.

Posted by: Miriam at August 20, 2003 09:58 AM

I've received four or five of these emails already this week, many from university addresses (Dartmouth, Wayne State). Fortunately, Georgia Tech's virus scan works pretty well and the attachments never reach my computer. This may go without saying, but I think that as long as you don't open the attachment, the "trojan horse" part of the virus can't affect you.

Posted by: chuck at August 20, 2003 11:54 AM

I've been getting (or rather, the Journal of Chemical Physics, where I'm working, has been getting) tons upon tons of messages from this virus recently, all from various .edu accounts. I personally haven't gotten any, which is curious.

And to Che: the statue I'm pretty sure you're talking about isn't outside the Reg. Get your facts straight before posting nonsense to weblogs! I always do!

Posted by: ben wolfson at August 20, 2003 05:33 PM

I've had 900 of these emails since yesterday morning, most from Cornell addresses (where I think I know one person), and most of the rest from universities in Israel, where AFAIK I don't know anyone. Oh, and from Dell, which I wouldn't touch with a bargepole. I'm also getting hundreds of bounce-backs from messages sent using my return address, which is quite vexing given that my Mac is immune to this virus.
So if anyone reading this is anywhere near Cornell, go and give the IT staff a kick up the arse for me.

Posted by: Anthony at August 21, 2003 09:14 AM

*nod* I was going to say -- I don't open strange attachments or let anything execute without my permission, and my anti-virus protections are so up to date they squeak, but I'm still getting bouncebacks from mail sent using my .edu address. One of these viruses clearly harvests the address books of infected computers. So it may not be the fault of anyone at (say) Chicago.

Posted by: Naomi Chana at August 21, 2003 06:57 PM

I've gotten a ton of these from my Oklahoma State account. It's apparently infiltrated one of the English department's listserv discussions, and has cross-pollinated.

Posted by: Scott at August 21, 2003 07:41 PM

I think I have received a few of these mails through UC Berkeley's Center for German and European Studies. I can't tell for sure, because all the mails have gone through my Yahoo account, and I have a Macintosh, which I still think is the best first defense against these horrible viruses (whatever) and worms. I received mysterious mails, with attachments that were somehow chopped off before arriving in my account.

Posted by: David the macuser at August 22, 2003 02:02 AM

Yes, sobig.f pretty much *always* spoofs its sender field, so you've probably never actually gotten one from an infected computer, unless by coincidence.

But that said, since it's harvesting addresses to use off of the infected computer's hard drive, if you're getting a ton from, say, one university, it's probably a very good sign that they're having a bad problem there generally. I've gotten 8-10 "we couldn't send your virus-laden message" return notices from mail servers--all generated by infected e-mails sent out by other people.

Posted by: zooey at August 23, 2003 11:36 AM

Four infected emails? Fifty? It is to laugh. Anyhow, I lost count several days ago.

Posted by: joseph at August 25, 2003 07:56 PM

Hey Joseph, now I feel like my Inbox has been impugned. Fifty was fully five days ago, my friend.

I think I'm up to a billion.

Posted by: ogged at August 25, 2003 08:23 PM

I use a Unix email client, so these little bastards never make it to my PC. I've set up Spam Assassin and Procmail so I don't even see very many of these little fuckers in my inbox. It was kinda painful to set them up, but it's worth it.

OTOH, I am seeing at least 5-10 emails a day with subject lines like "Your spam riddled email could not be delivered." Fun, fun, fun. <sigh />

Posted by: Curtiss Leung at September 5, 2003 01:15 AM