North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Weird virus activity from AOL user(s)

  • From: Stephen J. Wilcox
  • Date: Sat Apr 10 16:59:11 2004

Hi,
 I'm getting lots of viruses (few hundred to my personal address today), the
couple I checked appear to be the Sober-F virus based on the text.. the source
IPs from the headers are all AOL.

Strange thing is there is no virus, just the text and an attached file:
$ more Norton\ AntiVirus\ gel�scht1.txt 
Norton AntiVirus hat folgenden Anhang entfernt: corrected_text-file.pif.
Der Anhang  war mit dem Virus [email protected] infiziert.

This is a bit annoying as our scanners fail to find a virus and allow these 
thro.. so.. I'm doubting this is anything AOL have done themselves, there 
appears to be too many and from too many different IPs for them to be from a 
single user (altho they are from similar IPs suggesting the same blocks). I note 
the attachment suggests Norton AV but surely any virus scanner isnt stupid 
enough to find a virus and then still send out the email?

So whats going on then? :)

Steve