I suppose I'm not the only one, but dear old Yahoo has bounced me three times in the last two days - their usual crazy trick of sending me a virus, which my ISP rejects, so they bounce me, and then (this is the good bit!) send me an email message to tell me that my email account isn't working. :-(
You can check your "bounce" status here and unbounce yourself if necessary - you have to sign in first at Yahoo with your username and password, if you have such a thing: http://groups.yahoo.com/myprefs?edit=2 Please DON'T send test messages to the list to see if you're bouncing!!! Anyway, apart from that, dealing with Yahoo right now is like trying to swim through treacle: two messages I sent two days ago have only just been posted. Other instructions take hours to take effect, or all night or longer. I guess this is why: "August 22, 2003: Windows e-mail worm Sobig.F, which is currently the most widespread worm in the world, has created massive e-mail outages globally since it was found on Tuesday the 18th of August - four days ago. The worm spreads itself via infected e-mail attachments in e-mails with a spoofed sender address. Total amount of infected e-mails seen in the Internet since this attack started is close to 100 million." Ho-hum... We'll all try to be patient, eh? Once again - you cannot receive a virus via the Biofuel or the Biofuels-biz lists, which do not accept attachments or html messages, ASCII only. You might receive an infected message claiming to come from the list, but it'll definitely be a false sender address. Unsubscribing won't do any good at all. Update your virus protection, keep your system clean. More below. Best wishes Keith Addison List owner >From: >http://www.f-secure.com/news/items/news_2003082200.shtml >or: http://tinyurl.com/kuqh > >A potentially massive Internet attack starts today > >F-Secure Corporation is warning about a new level of attack to be unleashed >by the Sobig.F worm today. >Helsinki, Finland - August 22, 2003 > >Windows e-mail worm Sobig.F, which is currently the most widespread worm in >the world, has created massive e-mail outages globally since it was found on >Tuesday the 18th of August – four days ago. The worm spreads itself via >infected e-mail attachments in e-mails with a spoofed sender address. Total >amount of infected e-mails seen in the Internet since this attack started is >close to 100 million. > >However, the Sobig.F worm has a surprise attack in its sleeve. All the >infected computers are entering a second phase today, on Friday the 22nd of >August, 2003. These computers are using atom clocks to synchronize the >activation to start exactly at the same time around the world: at 19:00:00 >UTC (12:00 in San Francisco, 20:00 in London, 05:00 on Saturday in Sydney). > >On this moment, the worm starts to connect to machines found from an >encrypted list hidden in the virus body. The list contains the address of 20 >computers located in USA, Canada and South Korea. > >“These 20 machines seem to be typical home PCs, connected to the Internet >with always-on DSL connections”, says Mikko Hypponen, Director of Anti-Virus >Research at F-Secure. “Most likely the party behind Sobig.F has broken into >these computers and they are now being misused to be part of this attack”. > >The worm connects to one of these 20 servers and authenticates itself with a >secret 8-byte code. The servers respond with a web address. Infected >machines download a program from this address – and run it. At this moment >it is completely unknown what this mystery program will do. > >F-Secure has been able to break into this system and crack the encryption, >but currently the web address sent by the servers doesn’t go anywhere. “The >developers of the virus know that we could download the program beforehand, >analyse it and come up with countermeasures”, says Hypponen. “So apparently >their plan is to change the web address to point to the correct address or >addresses just seconds before the deadline. By the time we get a copy of the >file, the infected computers have already downloaded and run it”. > >Right now, nobody knows what this program does. It could do damage, like >deleting files or unleash network attacks. Earlier versions of Sobig have >executed similar but simpler routines. With Sobig.E, the worm downloaded a >program which removed the virus itself (to hide its tracks), and then >started to steal users network and web passwords. After this the worm >installed a hidden email proxy, which has been used by various spammers to >send their bulk commercial emails through these machines without the owners >of the computers knowing anything about it. Sobig.F might do something >similar – but we won’t know until 19:00 UTC today. > >“As soon as we were able to crack the encryption used by the worm to hide >the list of the 20 machines, we’ve been trying to close them down”, explains >Mikko Hypponen. F-Secure has been working with officials, authorities and >various CERT organizations to disconnect these machines from the Internet. > >“Unfortunately, the writers of this virus have been waiting for this move >too.” These 20 machines are chosen from the networks of different operators, >making it quite likely that there won’t be enough time to take them all down >by 19:00 UTC. Even if just one stays up, it will be enough for the worm. > >The advanced techniques used by the worm make it quite obvious it’s not >written by a typical teenage virus writer. The fact that previous Sobig >variants we’re used by spammers on a large scale adds an element of >financial gain. Who’s behind all this? “Looks like organized crime to me”, >comments Mikko Hypponen. > >F-Secure is monitoring the Sobig.F developments through the night on Friday >the 22nd. Updates will be posted to Sobig.F’s virus description at >http://www.f-secure.com/v-descs/sobig_f.shtml >There's an Update from below site: >http://www.f-secure.com/v-descs/sobig_f.shtml > > >> Update on 16:00 UTC >F-Secure can confirm that 18 of the 20 master servers are currently down or >unreachable. > >Update on 17:00 UTC >F-Secure can confirm that 17 of the 20 master servers are currently down. >Apparently one of the machines was not disconnected by an ISP and has been >booted up by its owner. > >We're working together with CERTs, FBI and Microsoft to stop the last three. > >Update on 18 UTC >F-Secure can confirm that ALL the master server machines are currently down >or unreachable. One of them seems to still respond to PING but not to 8998 >UDP. >We have one hour to go to see if this really is the case. > >Update on 18:20 UTC >Unfortunately one server is up right now after all. And one might be enough >for the attack to start succesfully. << >Update on 22:00 UTC > >The official attack time on Friday has ended. All 20 machines were >inaccessible throughout the attack. > >Now we are investigating random UDP traffic that has been seen in >the net, possibly relating to the worm. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Buy Ink Cartridges or Refill Kits for Your HP, Epson, Canon or Lexmark Printer at Myinks.com. Free s/h on orders $50 or more to the US & Canada. http://www.c1tracking.com/l.asp?cid=5511 http://us.click.yahoo.com/l.m7sD/LIdGAA/qnsNAA/FGYolB/TM ---------------------------------------------------------------------~-> Biofuel at Journey to Forever: http://journeytoforever.org/biofuel.html Biofuels list archives: http://archive.nnytech.net/ Please do NOT send Unsubscribe messages to the list address. To unsubscribe, send an email to: [EMAIL PROTECTED] Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
