December 2017

S M T W T F S
     12
34 5 6789
1011 12 13141516
1718 19 20212223
2425 2627282930
31      

Navigation

Links

Page Summary

Style Credit

Expand Cut Tags

No cut tags

A small request:

jarandhel: (Default)
[personal profile] jarandhel
Tuesday, September 2nd, 2003 06:01 pm
Could anyone who is a Comcast/AT&T broadband customer who reads this please check their computers for the presence of the W32.Sobig.F@mm virus? It is a mass mailing virus which harvests email addresses from files stored on your computer in the following formats: DBX, HLP, MHT, WAB, EML, TXT, HTM, HTML. More information on this virus, including how to find out if you are infected and how to remove it, is available here: http://vil.nai.com/vil/content/v_100561.htm

I'm asking you to do this because the origin of the virus-generated emails which are currently flooding my yahoo account seems to be 12-229-140-165.client.attbi.com (12.229.140.165), which is a Comcast customer, but I haven't been able to narrow that down to a specific person yet as there appears to be a problem with using traceroute to track the IP back to a specific region of the country. (The infected computer may currently be offline or something else simple like that.)

Thank you.
Flat | Top-Level Comments Only

[identity profile] arhuaine.livejournal.com
Wednesday, September 3rd, 2003 12:52 am (UTC)
could it even be a router that's infected, rather than an individual person's computer?

[identity profile] jarandhel.livejournal.com
Wednesday, September 3rd, 2003 08:39 am (UTC)
I don't think so... from what I know of this particular virus, it harvests the email addresses that it spams from files on the victim's computer.

[identity profile] feonixrift.livejournal.com
Wednesday, September 3rd, 2003 06:47 am (UTC)
Their connection runs through gar2-p360.st6wa.ip.att.net regardless of where I traceroute from, so they're likely in the greater seatle area, not that that's in any way useful.

Prefixes/abbreviations used in domain names from the traceroute:
. gar# -- Area router, I don't know what the G is.
. gbr# -- Border router, larger scale than the area routers.
. tbr# -- Some variant of border router? Unsure.
. la2ca -- Los Angeles, California.
. sffca -- San Francisco, California.
. st6wa -- Seattle, Washington.

http://visualroute.visualware.com/ And similar such are quite nice. =)

(Yes, I was bored.)

[identity profile] jarandhel.livejournal.com
Wednesday, September 3rd, 2003 08:48 am (UTC)
I've been using the sam spade program to track it, and my own traceroute dies out at delmar-209-137-166-65-dsl.cavtel.net

On the bright side, though, the most recent wave of spam shows that it is indeed all from a single user who apparently has a static IP address or else has not disconnected (though that does make me wonder why traceroute can't reach this person). So, if I can't figure out who it might be on my own, stopping the whole thing should only take contacting the ISP and informing them of an infected computer and let them contact the user about fixing it.
Flat | Top-Level Comments Only