[69409] in North American Network Operators' Group


Weird virus activity from AOL user(s)

daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Sat Apr 10 16:57:46 2004

Date: Sat, 10 Apr 2004 21:57:06 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


Hi,
I'm getting lots of viruses (few hundred to my personal address today), the
couple I checked appear to be the Sober-F virus based on the text.. the source
IPs from the headers are all AOL.

Strange thing is there is no virus, just the text and an attached file:
$ more Norton\ AntiVirus\ gelöscht1.txt
Norton AntiVirus hat folgenden Anhang entfernt: corrected_text-file.pif.
Der Anhang  war mit dem Virus W32.Sober.F@mm infiziert.

This is a bit annoying as our scanners fail to find a virus and allow these
thro.. so.. I'm doubting this is anything AOL have done themselves, there
appears to be too many and from too many different IPs for them to be from a
single user (altho they are from similar IPs suggesting the same blocks). I note
the attachment suggests Norton AV but surely any virus scanner isn't stupid
enough to find a virus and then still send out the email?

So what's going on then? :)

Steve


