The recent variation of the W32.Sobig virus has caused quite a stir. It’s gotten so bad that “normal” spam is way down as choking email servers try to cope with the deluge of the new virus mail. I’m guessing that “normal” email, the stuff the internet uses for basic communication, is down too.
I’m one of the lucky ones so far (knock on wood). A bunch of them have hit the virus trap at my mail server, but so far the anonymous senders haven’t used my email address in the From: header. Friends and associates haven’t been so lucky. People I know are getting up to 1000 emails per hour hitting their mailboxes from bounces, complaints and other residual that happens when a spammer steals your email address.
Over in the mail-related newsgroup at my domain host, the normally quiet little group (~20 posts per week) has turned overnight into Grand Central Station. A regular poster summed it up in a two-line thread: “Good grief”. A group that normally had a few geeks discussing various ways to implement SpamAssassin filtering with procmail and qmail is now filled with hysterical suburbanites begging for some kind of “button” in their domain hosting control panel that can turn Sobig off. Sorry about that. You kind of have to read about setting up filtering. The owner of the web hosting company had this to say yesterday morning:
“Of course, everyone should keep their Windows machines patched, preferably by installing FreeBSD or Linux.”
That didn’t sit too well with the suburbanite crowd. “We’re paying for email service and we’re not paying for all these viruses!”
In the end, he acknowledged that even though the company didn’t send out Sobig, and even though the company doesn’t even use any kind of Microsoft operating system, they’d probably get blamed for the virus anyway. So now, when you log in to your web-interface control center for your domain, there’s a “Click on” option that allows filtering for Sobig and stores the suspected viruses in an IMAP folder on the server. And they accomplished it in the space of a few hours without deleting any customer email, something they say they’ll never do. Not too shabby, I’d say.