Me, too, and I have always thought that Sobig was a spammer's tool. I don't think it is so much that Sobig harvests addresses from the web - it is that it harvests the addresses from cached files on the user's machine. But Sobig also is a trojan that creates a backdoor that allows outsiders access to a machine; other than that, it does very little damage. So my opinion has been that Sobig is a way for spammers to create open doors through which they can relay through infected machines.
So basically, your problem is that someone who recently visited the band member's site is infected.
-Abigail
That could be, Abigail, but I don't think so... Read the latest post from Michael Ensor. Looks like I may have been right!
I just noticed something about those I've been receiving. Most of the bounces contain the full header of the original infected emails. One thing that *every* one of those I have received has in common is this in the bottom-most "Received From" (HELO) field:
Received: from JEFFEREY (cs242210-42.houston.rr.com [24.242.210.42]) by lhs-srv1.lhssa.org with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
id RC1JNLB8; Tue, 19 Aug 2003 19:19:03 -0500
Looks like someone with a Texas broadband connection has been very busy, today! ;-)
Cheers, Tom
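
The check described in the message above, as an added example that is not part of the original thread: pull the original message out of each bounce, read its bottom-most Received header, and count bounces per connecting IP. The function names and the sample bounce are assumptions constructed for illustration; only the `JEFFEREY` Received header comes from the post.

```python
import re
from collections import Counter
from email import message_from_string

# "from HELO (rdns [ip])": HELO is client-supplied, the bracketed IP is logged by the receiver
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")

def embedded_original(bounce_text):
    """Return the original message carried inside a bounce, or None."""
    msg = message_from_string(bounce_text)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)          # original attached as a MIME part
    if msg.is_multipart():
        return None
    # Fallback: original headers pasted into a plain-text bounce body
    hit = re.search(r"^Received:", msg.get_payload(), re.M)
    return message_from_string(msg.get_payload()[hit.start():]) if hit else None

def origin_hop(bounce_text):
    """(HELO name, IP) from the bottom-most Received header, or None."""
    original = embedded_original(bounce_text)
    hops = original.get_all("Received") if original else None
    match = HOP_RE.search(hops[-1]) if hops else None
    return match.groups() if match else None

def tally_origins(bounces):
    """Count bounces per originating IP; bounces without headers are skipped."""
    hops = (origin_hop(b) for b in bounces)
    return Counter(hop[1] for hop in hops if hop)

# Constructed sample. Only the second Received header is taken from the post.
ORIGINAL = (
    "Received: from lhs-srv1.lhssa.org ([192.0.2.10]) by mail.example.org with ESMTP\n"
    "\tid CONSTRUCTED1; Tue, 19 Aug 2003 19:19:05 -0500\n"
    "Received: from JEFFEREY (cs242210-42.houston.rr.com [24.242.210.42]) by lhs-srv1.lhssa.org"
    " with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)\n"
    "\tid RC1JNLB8; Tue, 19 Aug 2003 19:19:03 -0500\n"
    "From: forged-sender@example.com\n"
    "Subject: constructed subject\n\n"
    "constructed body\n"
)
SAMPLE_BOUNCE = (
    "From: MAILER-DAEMON@mail.example.org\n"
    "Subject: Undeliverable mail\n\n"
    "The following message could not be delivered:\n\n" + ORIGINAL
)
```

The HELO name (`JEFFEREY`) is whatever the sending machine announced, while the bracketed address is what the receiving server saw on the connection, so the tally is keyed on the IP.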