Sobig...


This one is a little bit like that old question we used to ask each other in elementary school in Poland. "You arrive at two gates. One gate leads to heaven, the other to hell. Both gates have guards and both guards look exactly the same. You know that one of the guards is a devil who will always give the opposite of the honest answer and the other guard is an angel, who will always tell the truth. You are only allowed to ask one single question. How will you find out through which door to pass?"

I received the email below this morning. It looks like a reply to an email I sent, with an attachment that I sent. It is the Sobig.F virus that is attached to this one, so we are talking about some serious action here. This is the virus that shut down networks of rather large companies (including the New York Times, I hear), it is a bit of a celebrity of viruses. The most powerful guy ever (so far...). So what made me send it to a friendly person at the UCP in Florida, A Program of United Cerebral Palsy of Central Florida?... nothing made me do it. I am on a Mac here, using several virus filters on top of that. I do not have the attachment that came with this email anywhere on my hard drive. So... there are two possibilities...
Either the person who seems to be returning the email to me now has an infected computer and for some reason had my email address in their address book... the computer had been left on and performed the virus distribution by itself. (So if you work for UCP in Florida, scan your drive please.)
Or... and this one would be the slightly more vicious version of the event, somebody is using my email address to send spam, or viruses or what not, to users like the friendly person at UCP...
I recently found comments on somebody's blog, which were signed with my name (and they were not kind comments...), so such "soft" identity theft is quite likely.
Hmm... so what was the one question we should have asked one of the guards at the doors to heaven or hell?... You know the answer, don't you?...

7 Comments

It's the way the virus works. They need to view the full message headers to see who actually sent it to them. The way it works is the virus infects a computer, and then uses the Windows address book to send e-mail (with the virus attached) to all of the recipients in the address book.

To cloak its activity, and to make it potentially more likely to spread, the virus forges the "from" address with a different address from the same address book. That's particularly insipid since it's likely that people in the same address book either know each other or "know of" each other, which negates the old "delete anything from somebody you don't know" rule.

Nice site, by the way. This is my first visit, but I'll be back.
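Added example, not part of the comment above or of the original post: a short Python sketch of what "view the full message headers" means in practice. The sample message, host names, addresses and the set of trusted servers are all constructed for illustration; the point is that the From line is only a claim, while the oldest Received line written by a server the recipient operates records the machine that actually connected.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (documentation addresses, not real traffic).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
 by mail.recipient.example with ESMTP id CONSTRUCTED3; Tue, 26 Aug 2003 07:40:12 -0400
Received: from DESKTOP (dsl-host.isp.example [198.51.100.77])
 by mx.recipient.example with SMTP id CONSTRUCTED2; Tue, 26 Aug 2003 07:40:10 -0400
Received: from mail.sender.example (mail.sender.example [203.0.113.5])
 by relay.sender.example with ESMTP id CONSTRUCTED1; Tue, 26 Aug 2003 07:39:59 -0400
From: <blogger@sender.example>
To: <friend@recipient.example>
Subject: Re: your message

Please see the attached file.
"""

# "from HELO (rdns [ip]) by server" as written by common mail servers.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def received_hops(raw):
    """Return the Received hops oldest-first as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def origin_seen_by(raw, trusted_hosts):
    """Oldest hop written by a server we operate; older lines are sender-supplied."""
    for hop in received_hops(raw):
        if hop["by"] in trusted_hosts:
            return hop
    return None

def claimed_sender(raw):
    """Address from the From header, which the sending machine can set freely."""
    return parseaddr(message_from_string(raw).get("From", ""))[1]

if __name__ == "__main__":
    hop = origin_seen_by(SAMPLE, {"mx.recipient.example", "mail.recipient.example"})
    print("From header claims:", claimed_sender(SAMPLE))
    print("Handed to our MX by:", hop["ip"], "HELO", hop["helo"], "rDNS", hop["rdns"])
```

The bottom Received line in the sample was not written by a trusted server, so it is skipped: anything below the recipient's own first hop could have been typed in by the sending machine, just like the From address.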

soft like snow but warm inside

Hey there, "Bloody Valentine"... when you pretend to be me on my own website, please spell my name right in the link...
hehe
thank you... (that was quite cute.)

(Don't do it again buddy...)

imitation is the most sincere and annoying form of flattery :P

what's my name fool?

Em!ly!, this is the most brilliant solution to this riddle!
I think the one suggested by the 7 year old who asked me back in the day had something to do with asking one guy about the other guy... ahem... do not want to spoil this one...
but nice solution... will need to remember this one, since I will definitely not be taking the express train to cloud #9.

sorry could not resist. cyberstyle that is - crawl into someone else's digits and all that. i have to admit it's cruel even disgusting to do so but then on the other hand what is not? i will try to refrain from this "annoying form of flattery" still should it happen again i might try to write your name (mine in that case) properly...

ps: i like your stories and hope you are happy!

About this Entry

This page contains a single entry by Witold published on August 26, 2003 7:52 AM.
