OT Anybody else affected by "blaster" worm?

BillyBoy wrote on 8/19/2003, 8:05 AM
My ISP, WideOpenWest, just finished a system-wide reset of their entire network. They claim due to the MSblaster worm. Much of yesterday I had very spotty to no Internet access. They totally shut down their network at 11PM last night and had AT&T put filters on a couple ports in some effort to block this, that on top of a claimed DNS attack. Norton raised the threat level from a 3 to a 4 on the worm. Affected only systems with Windows XP and 2000 apparently.

Comments

riredale wrote on 8/19/2003, 11:00 AM
Sorry to hear about your troubles.

No evidence of the worm here. We're on Qwest broadband here in Oregon. I run Norton AV with email scanning; nothing has been flagged here so I assume the bad stuff is bagged further up the pipeline.

Chienworks wrote on 8/19/2003, 12:32 PM
I just took a quick look at our router and it's reporting lots of port 135 hits. Fortunately our firewall doesn't even respond to them, much less let them through. My email server's filters are also set pretty much to "paranoid" regarding attachments. Anything that even smells semi-executable or unrecognized is dumped straight to the bit bucket.

So far so good.

Erk wrote on 8/19/2003, 12:38 PM
I got Wormed on my home dialup machine I think last Monday. Forced reboot twice, no permanent damage. Got the MS patch and then the free Symantec cleaner tool (the MS patch does not remove the worm, apparently, but merely blocks new attacks).

I think this is the first time I've been hacked, wormed, Trojaned, virused, etc.

Chienworks - "bit bucket" - I like the sound of that...

G

BillyBoy wrote on 8/19/2003, 2:37 PM
The thing I found interesting was that a fairly large ISP (WideOpenWest) fell victim to the worm. Originally on their phone recording they were saying ALL ISPs were affected (bull), which was why I made the post... curious how many were in fact affected.

It's still iffy going; for example, just trying to access this forum it's about 50% 'no such page', then the second or third time I get through. Posting is about 4 to 1. My own PC isn't infected, never was. I get and install most of the Windows security patches as they come out and let Norton do the automatic update.

On an unrelated event, try this one out for size on the crazy scale.

As I said in another thread a couple days back, I had one of those goofy "Windows recovered from a serious error" events. Knocked off my email access. Again I called WideOpenWest and they reset, but somehow while they can access my account via FTP using the user and password I gave them, I cannot access my own account with the same user/password. On the good side they are fast... averaging about 1700 mbps.

Begbie wrote on 8/19/2003, 5:51 PM
Not many fair dinkum ISPs would be using many MS products, therefore no real issues for them except a bit of extra traffic while their clients are infected etc., nothing major.

Make sure you have the MS patch for your OS and you're saved - even updated AV software isn't enough; you MUST have the patch.

We had a 400 machine infection here, but we removed it easily and painlessly.

DavidPJ wrote on 8/19/2003, 6:43 PM
No blaster worm here. For once there is an advantage of running old Win 98SE.

However, another virus was identified today as W32.Sobig.F@mm and it's spreading rapidly. My PC doesn't have it, but I received 4 emails today claiming I sent them an email with this virus. The virus spoofs the sender's name. Symantec upgraded the virus's threat level to 3 today.

Chienworks wrote on 8/19/2003, 7:06 PM
DavidPJ: yep. I've got about 25 email users at work and between us we received about 150 of those notifications today. I checked our systems and email server log and verified that we're not infected and we didn't originate any of them. I finally had to add "w32.sobig.f" to our bit-bucket filter and even disable a few of our corporate email addresses to keep our server from being overrun.

Grrrrrrr. Symantec needs to change their scanning software so that it does not bounce back warnings when the worm is known to spoof the sending address. Their filters hit us worse than any worm has so far.

Erk wrote on 8/20/2003, 1:24 PM
David, Chien,

Do you guys mean that the latest worm (and others I presume) can spoof a sender's address even though the worm never infiltrated the spoofed sender's machine? ie, never actually sent the email, but their address was "borrowed"?

Geez....

G

Chienworks wrote on 8/20/2003, 2:25 PM
Erk, most of these worms pick up email addresses from the address books of infected systems. ( ... side note, if anyone has any of my email addresses in their address books, please delete them! ;) ... ) So, the infected emails can appear to come from any address that is in those address books.

Some worms are even preloaded with a list of addresses that the worm writer wants to "get back at". Many worm writers collaborate with spammers, so often worms will contain lists of anti-spammers' email addresses. Since I'm a rather militant anti-spammer, I've had this happen with a few of my addresses. It's rather annoying to wake up one morning and find thousands or tens of thousands of bounces in your inbox. Not a pretty sight.