Sobig Worm Clogs the Internet with Junk Email…How to Eliminate It Automatically!
03/07/2007
Once again the internet has been hit with a nasty worm that causes infected computers running most versions of the Windows operating system to send large volumes of email to any email address the worm can find in the files on your computer. According to the tech note about this worm from Symantec, emails sent by this worm have the following subject lines:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
They also include attachments, which are the actual worm. The attachment files are named:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
The good news is that Macs, regardless of which MacOS they run, and Linux computers are unaffected by this worm, except for having to handle the huge volume of email, sent by Windows computers infected with this worm, that’s clogging the internet.
If you’re receiving large volumes of Sobig.F mail, there is something you can do to eliminate it. Since messages generated by this worm include specifically known subject lines and attachments, you can design rules in your email program to delete those messages automatically. Here are instructions for the most popular email programs.
Mail (Apple’s built-in MacOS X email program)
1. With Mail open, click the Preferences command in the Mail menu. When the Preferences window opens, click on the Rules button. This displays the Rules list window.

2. Click the Add Rule button. In the window that appears, enter a name for this new rule. I used Delete SoBig.F Mail, but the name can be anything you like.
Make sure that the first popup menu is set to If any of the following conditions are met.
Note that in the box where the actual conditions are listed, there is only one line for specifying a condition. You can add as many conditions as necessary by clicking the + button to the right of that line…or remove unnecessary lines by clicking the - button.
To set the first condition, change the popup menu (which defaults to From) to Subject. Leave the middle popup menu as Contains, which is the default. In the typable field, enter one of the possible subject lines for SoBig.F emails, which are listed above. Now click the + button and repeat this step for each of the other possible subject lines for SoBig.F emails.
Finally, in the lower panel, beneath where it says Perform the following actions:, change the popup menu to Delete Message, and click the OK button to save the rule.

Outlook Express, Entourage 2001, Entourage X
1. With the program open, click Rules in the Tools menu. In the list window that appears, make sure to click the tab for the kind of email account for which you’re setting the rule: POP, IMAP, or Hotmail. (Most standard internet email is POP, most in-house corporate mail is IMAP…if you’re not sure, talk to your internet provider or your in-house computer support person. Hotmail is Microsoft’s proprietary email.) If you use more than one email account, and some are POP, some are IMAP, and some are Hotmail, you can set up this rule for all types of accounts, but you’ll have to set it separately for each type by clicking on the corresponding tab, then going through the steps below.

2. Click the New button. In the window that appears, enter a name for this rule in the typable box where it says Rule name:. I used Delete SoBig.F Mail, but the name can be anything you like.
Make sure that the first popup menu, where it says Execute actions, is set to if any criteria are met.
Note that in the box where the actual criteria are listed, there is only one line for specifying a criterion. You can add as many criteria as necessary by clicking the + Add Criterion button, or remove unnecessary criteria by clicking the - Remove Criterion button.
To set the first condition, change the popup menu (which defaults to All Messages) to Subject. Leave the middle popup menu as Contains, which is the default. In the typable field, enter one of the possible subject lines for SoBig.F emails, which are listed above. Now click the + Add Criterion button and repeat this step for each of the other possible subject lines for SoBig.F emails.
Finally, in the lower panel, beneath where it says Then, change the popup menu from Change color (which is the default) to Delete Message, and make sure the Enabled box is clicked.
Click the OK button, which saves the rule and takes you back to the previous list window, where this rule is now listed. Close that window.

With this rule, any incoming message with a subject line that contains any of the listed text will immediately be deleted.
Now that you know how to use rules, you can easily use them to eliminate junk mail (spam) that contains the typical subject lines…XXX, Refinance, Money, Pictures, etc. Just create new rules that automatically delete them, or you can set up special folders to hold suspect emails. With known virus mail like SoBig, we prefer to delete it immediately. With ordinary spam, however, you might want to save it to a folder so you can look through it before deleting it. To do that, create the new mail folder you want to use for holding spam first. Then, instead of selecting the Delete message action when creating your rule, select Move to (or something similar) and specify the folder where you want the suspect mail to go.
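The rules described above, written out as a small Python filter (an added example, not part of the original article and not code from any of the mail programs). It goes one step beyond the subject-only rule: a message carrying one of the listed attachment names is deleted, while a subject-only match goes to review, because a Contains match on a subject such as Thank you! also catches ordinary mail. The function names, the three verdicts, the case-insensitive matching and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Subject lines and attachment names exactly as listed in this article.
SUBJECTS = ["Re: Details", "Re: Approved", "Re: Re: My details",
            "Re: Thank you!", "Re: That movie", "Re: Wicked screensaver",
            "Re: Your application", "Thank you!", "Your details"]
ATTACHMENTS = {"your_document.pif", "document_all.pif", "thank_you.pif",
               "your_details.pif", "details.pif", "document_9446.pif",
               "application.pif", "wicked_scr.scr", "movie0045.pif"}

def subject_matches(msg):
    """The article's rule: Subject 'Contains' any listed line.
    Case is ignored here (an assumption about how the mail program matches)."""
    subject = (msg.get("Subject") or "").lower()
    return any(s.lower() in subject for s in SUBJECTS)

def attachment_matches(msg):
    """True if any MIME part carries one of the listed attachment names."""
    return any((part.get_filename() or "").lower() in ATTACHMENTS
               for part in msg.walk())

def classify(raw):
    """Return 'delete', 'review' or 'keep' (hypothetical verdict names)."""
    msg = message_from_string(raw)
    if attachment_matches(msg):
        return "delete"   # listed attachment name: the strongest signal
    if subject_matches(msg):
        return "review"   # subject alone also matches ordinary mail
    return "keep"

def build_sample(subject, attachment=None):
    """Constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "you@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached file for details.")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    samples = [("Re: Details", "details.pif"), ("Thank you! for lunch", None),
               ("Hello", "Movie0045.PIF"), ("Quarterly report", None)]
    for subject, name in samples:
        print(f"{subject!r:25} {str(name):15} -> "
              f"{classify(build_sample(subject, name))}")
```

The review verdict corresponds to the Move to folder action described above, and delete to the Delete Message action.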