I just got another email from big@boss.com which looks to me like a virus. This is the 3rd or 4th in a couple of days. So I went to both Symantec‘s and McAfee‘s anti-virus pages, and didn’t turn up anything.
Then I tried a Yahoo! search for “big@boss.com virus”. Nothing. For kicks, I tried a Google search for “big@boss.com virus” but that turned up no search results, either.
Google AdWords to the rescue
But wait a minute: on the right-hand side of the Google search results, I saw an advertisement that looked like this:
|
Someone bought an ad on Google to help spread the word faster than the Google search engine can index pages about the virus! That’s really generous of them! They should add a PayPal donations button to their page. (No such helpful advertisements were found on the Yahoo! search results.)
Hunting around a little further, it appears that this is the W32.Sobig.A@mm virus (the subject line of Re: Movies and attachment of Document003.pif matches what I’ve been getting). But no mention of big@boss.com on the Symantec page. Bizarre.
Recapping the scores: Symantec 0, McAffee 0, Yahoo! 0, Overture 0. Google AdWords: 1.
The AV software we use at work (RAV Antivirus) picked right up on it as a virus. If Symantec and Norton haven’t gotten to it yet, that impresses me actually.
I was just looking over the logs from yesterday and noticed this site referring. I got about 90 hits from the Google Ad. Alot of other people came directly to the site bypassing the actual ad though. Google actually cancelled my first ad because it said “Click here for more info” I forgot that was part of their ad rules. It hit our workplace pretty hard and even though you tell people to avoid unknown attachments some people just can’t help themselves. In trying to research what I thought would most likely be a virus (confirmed later) Just like you I could not find a single reference yesterday by searching for the email address. I pulled the ad this morning because the search engines appear to be updating to meet the demand. Thanks for the kind words.
thanks so much for saying something about this…if i hadn’t found your blog, i probably would’ve opened the email out of stupid curiosity ^_^ i searched for “boss.com” & also for the email address “big@boss.com” on google, & your blog was the first thing to pop up. someone should really start warning people about this.
FYI, I received the email on jan 13, 2003 & it said it was a reply to “here’s the sample” or something like that. tricky tricky…i honestly tried to remember if i sent someone something like that…& i couldnt remember so i almost opened it. thanks again for confirming my gut feeling that it was a virus!
I am getting 2 or 3 mails since 13.01.2003 with good subjects.
re: sample, Re: document etc. I opened my account and scanned the mail with inbuilt F Scan in rediff.
Soon it detected virus.
Today I was very much puzzled, and tried to search at google.
Thus found this page to write something about it..
I am surprized, why Norten and few popular websites which claims to users to get secure account with paying money were unsuccesful to detect the virus..
thanks..
ashok
I have had two from Big@Boss in the last three days, title re:document with the attament Sample.pif and the secon was titlie re: Movie with the attachment 0074vide.mpeg.pif
Anyone know where this originates from as mentioned in others comments, nothin from Symantec, McAffee, Yahoo.
I got several e-mails from Big@Boss on my home ‘puter last night, 1/15, deleted them, and got 4 more on my office machine 1/16 but Sophos on our University NT machines warned of it. Bad English seems to be a “tell” on a lot of these.
I hope everyone sees this page!!!
See, I got a big@boss.com thing on January 16, 2003…but to my university account, which puzzles me greatly (it cannot possibly be on any lists or anything). The thing that worries me now is that it’ll spread to the entire university: very few people have university account email addresses except for people who are here themselves, so I hope nothing catastrophic happens. We’re addicted to email!
Yes, my AVG free virus protection napped 2 virus infected emails from big@boss.com. A check of the isp showed it being from pacbell, so I reported the abuse by forwarding it to abuse@pacbell.com.
Hi
Got a mail from Big@Boss.com today. Document: Untitled1.pif
Found your page while searching for more info. My scanner was outdated so he said nothing – but the thingy looked strange to me. Fine to see that some people help each other while others try to waste our time with sending viruses … tststs
best regards
Peter
More info on this virus can be found here:
http://www.f-secure.com/v-descs/sobig.shtml
http://vil.mcafee.com/dispVirus.asp?virus_k=99950
Like the others I received the bigboss emails. saying the same things as above.
Zone Alarm is out to lunch. I have the upgraded version and if I hadn’t caught it myself, Document003.pif would have slipped through. Seems like a very small file (65K) to be so destructive…
Ben Wallis
Director,
Wallis Gallery of Antiquities
ben@buyancient.com
http://www.buyancient.com
I just found this:
Which outlines this:
Re: Movies
daemon@ATHENA.MIT.EDU (big@boss.com)
Mon Jan 13 15:41:55 2003
From: big@boss.com
Message-Id:
To:
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=”CSmtpMsgPart123X456_000_00F5BF41″
Errors-To: krbdev-admin@mit.edu
Date: Mon, 13 Jan 2003 15:40:56 –0500
This is a multipart message in MIME format
–CSmtpMsgPart123X456_000_00F5BF41
Content-Type: text/plain;
charset=”iso-8859-1″
Content-Transfer-Encoding: 7bit
Attached file:
–CSmtpMsgPart123X456_000_00F5BF41–
_______________________________________________
krbdev mailing list krbdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/krbdev
LOOKS LIKE MIT IS BEHIND THIS AND PROBABLY MANY MORE VIRUSES.
HERE’S THE URL FOR THE PAGE SHOWN ABOVE:
http://diswww.mit.edu:8008/menelaus.mit.edu/krb5dev/7891
I just got one today from big@boss.com Re:movies….thank god for nortons. Who’s sending this shit, and how did they get my email?
Thanks, I’m glad that for people who send out viruses like bigboss, there are people like you. Tony
I received one mail from big@boss.com today, it did
nothing to me because I use linux system. I guess it
is a virus, so I search it in Google. So terrible,
but it seems safe for linux, 🙂
fwiw: i received the big@boss.com email yesterday, and spamassassin (http://spamassassin.org) flagged it. nice to know it can spot messages like this. if you’re not running it, why not? here’s its analysis of the message:
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (5.00 hits, 5 required)
SPAM: NO_REAL_NAME (-0.3 points) From: does not include a real name
SPAM: USER_AGENT_OE (-0.3 points) X-Mailer header indicates a non-spam MUA
(Outlook Express)
SPAM: INVALID_DATE (1.6 points) Invalid Date: header (not RFC 2822)
SPAM: SPAM_PHRASE_00_01 (0.6 points) BODY: Spam phrases score is 00 to 01
(low)
SPAM: MICROSOFT_EXECUTABLE (0.1 points) RAW: Message includes Microsoft
executable program
SPAM: DATE_IN_PAST_03_06 (1.5 points) Date: is 3 to 6 hours before Received:
date
SPAM: MSG_ID_ADDED_BY_MTA_3 (0.2 points) ‘Message-Id’ was added by a relay (3)
SPAM: MISSING_MIMEOLE (1.6 points) Message has X-MSMail-Priority, but no
X-MimeOLE
SPAM:
Thank god Nortons sorted it out. If I got hold of the little shit, I would break his legs
I am now getting 2 or 3 a day but will get the word spread as soon as possible.
I just got this Big Boss thing too Your Blog seems to be a confirmation for quite a many people.. i did a check and the ip said it was coming from houston.. thein i dug around some more.. and got something to the effect of the university of Michigan. so wow.. pooped up sqwak huh? well thanks any who..
I Had New E-mail! I Took A Look? Big@Boss.com I Thought Do I Know Them?? Naw? I Downloaded the file On my test computer! Ran A quick Virus check! Bing Found Me A Lame Virus!! Better Luck Next Time!
More Information can be found out at http://www.vsantivirus.com/sobig-a.htm
I received probally 6 or 7 of these on my Excite account and 2 or 3 on another, In which I have only shared with 3 or 4 people (the address). I was somewhat confused for the size of the email, with no attachment. I did catch on though and deleted everything, But now I am getting some junk mail sent also to an account that was never given out to an outside company, Pretty irritating. Thanks for the post though, I was wondering if I was the only one out there!
I was attacked minutes ago by big@boss.com but my Norton/Symantec antivirus intercepted the file and quarantined it. So they know about the virus. big@boss.com is not the virus, just an expeditor…
Nice try Big Boss. I wonder how tiny the penis is of the guy(s) who made this one up. Or, How large the zits on thier asses are. Dont get out much huh fellas? Anyway, Rumsfeld and his boys should find and prosecute these intraverts as homeland terrorists. Lets see how they like being “attacked” if the law allows some lockup time. Bubba and his friends would love some belly-warmers named “big boss”! See what happens to those who dont get laid?
Yargh, somehow it seems to be crashing our linux box. Twice now in the last two weeks, mail from big@boss.com is followed shortly by memory errors and server thrashing itself into a coma…
Beware this thing!
You can use sendmail’s blacklist to give it the hearty heave-ho though–add:
big@boss.com DISCARD
to your blacklist. Or if you feel like being helpful:
big@boss.com ERROR:”550 You have the So Big virus. Update your virus software and disinfect your machine!”
I just got this thing and it’s sitting in my mailbox. It looked funny to me so I didn’t touch it. I’m afraid to highlight it. It’s from big@boss.com and the subject reads “Re:Here is that sample”. Did Norton really figure it out? If so I will delete it.
I’ve been receiving a couple of the big@boss.com emails daily over the last two weeks. Symantec has finally posted information about the worm at
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.a@mm.html
My NAV caught the emails yesterday and quarantended the files. So, to eliminate future annoyances I’ve set my Rules Wizard in Outlook to automatically delete emails from big@boss.com
Hope that helps.
jj
I have received 2 big@boss.com emails in the past 2 weeks 1/13/03 thru 1/22/03on
my office computer. Norton caught both of them (Thank You Symantec), so I quarantined
them and deleted the email. Prior to deleting them I printed the email with full
headers so I have a record of them. I don’t know how my email address was obtained,
but it could be from other infected computers, since I have also received 2
emails infected with the Klez.e Worm virus from one of our clients. I notified them
and they thought they had it quarantined, but it looks like they didn’t do a good
job of it. I will continue to use Norton and add big@boss.com to my spam senders on
my SpamDetective program.
If you don’t know who sent the email…don’t open it!!
Thanks for the info, have received this at least 6 times in the past 3 days. Followed the above link to symantec’s site and got the expected news… doesn’t affect Macs. Dare I say this (for then it will be proven wrong), but I have yet to be infected by a virus or worm, despite receiving many. For the plain old user Macs are the way to go. Heck, now with OS X even techno geeks can use ’em happily. 😉 Speaking as the wife of one…
Just had my outgoing mail server poop on me, it appears to be as a result of one of my users receiving this big@boss.com email, subject “here is that attachment you requested” he replied requesting a re-send of the attachment as nothing came thru (we are a mac only shop here, so the .pif did nothing to his machine. What it did do however is cause a strange problem with EIMS which caused it to stop sending outgoing mail. or rather, it glitched the outgoing smtp connections, causing eims to delay sending the email. Clicking send now on an item in the queue would attempt a send, but then close the connection and delay sending again. restarting the mailserver and removing the email to big@boss.com from the send queue and everything was back to normal..
Thanks for the info was helpful in verifying that big@boss.com was the culprit.
I started getting this about a week ago, I think, and always assumed it was a virus. I get it about three times a day now. I’m so overwhelmed with the “Hello America” campaign, though, that it’s just an afterthought. My AntiVirus – the home version, from Germany – did not catch it, probably because it arrives in a shell account, with pine running ssh. None of the viruses work there. The fifth or sixth time I hit Reply and wrote, “Here’s your virus back. Didn’t work.” 🙂
Joe
*.ZLO ???
My mail from: big@boss.com (1/13/03)
had a “untitled.zlo” attachment.
We are not familiar with that extension.
Beating Google to the Punch for the Greater Good
big@boss.com Virus and Google AdWords
Truth in Advertising
Michael Radwin noticed that Someone bought an ad on Google to help spread the word faster than the Google
I got the big@boss.com letrter. I scanned it with norton and it picked up the virus right away. I mailed the dude back his virus and he sent me another one. grrr….
Okay, the bum who keeps mass mailing this is mobile, with a laptop… this is the ip he used to transmit his email to me: 66.220.55.1
It idents as adriano-laptop.
Jason: Here’s a tip… If you get spam, don’t email them back – that validates your email address as being real. IE – don’t email back people who send viruses, either. Especially if you use pop3, which automatically downloads EVERYTHING involved with an email to your system. I have always used web-based email for that reason.
I TRACED WHERE THE BIG@BOSS.COM address resides!!!
http://www.swiftcomm.com
I traced the IP using ARIN, and they own the block IP that the email originated from! Now, authority-wise, who do I tell?!!
Hell… email them: abuse@swiftcomm.com
Someone said: “I TRACED WHERE THE BIG@BOSS.COM address resides!!!
http://www.swiftcomm.com
I traced the IP using ARIN, and they own the block IP that the email originated from! Now, authority-wise, who do I tell?!!”
What you tracked down isn’t the source of the messages; it’s just the IP of a particular infected system. The big@boss.com address doesn’t “reside” anywhere. This is a virus which infects computers and causes them to send out more copies of the virus. It’s not like someone with the address “big@boss.com” sits down every night and sends out a few million messages; the emails come from random infected machines.
There’s nobody you can bitch to or track down. At best, you can look at message headers to figure out the IP of the host you received a particular message from, and then try to figure out a way to contact the person responsible for that host. Better uses of your time would include things like “learning to create filters for your email client” and “staring at the wall”.
Lots of thanks! I’m from Spain and I also received this kind of message, in fact I got 7 yesterday night. I don’t know if this virus is already in my computer, because I opened the first e-mail… Low speed might be a consequence…
Your right there is hardly any stuff found when you do a google search for big@boss.com. I received 2 emails a few days ago. As mentioned it seems Mac’s are immune. Dare I say another good reason to invest in a Mac.
I know this sounds VERY STRANGE AND PROBABLY STUPID, but I play a computer game called StarCraft. StarCraft has a forum on http://www.Battle.net. My account there is reckless. Strangely, http://www.battle.net is the only place I’ve ever told people about my e-mail. My e-mail is EnchantedHardDrive@yahoo.com. i recieved the big@boss.com e-mail. The file was called, UNKNOWN PARAMETER (SOMETHING) It might seem pretty easy to guess, but really, who would just popped that into their head? It’s just sooooo weird.
I don’t really have any true ideas. Just ignore my post. Even I’ve come to realize what a stupid statement i wrote:/
I opened an email with the subject line saying ” here’s the sample” Well I scanned it thank god first and caught it. The question is what does this virus do? and who made it ect.. I think alot of viruses are out there because no one cares to know who made them, or who is keeping them. and FYI AVG 6.0 completely rocks for a antivirus , I have neeeever found anything to come close. My norton and mc’afee stay right in thier boxes collecting dust thank you.
The mail you guys got contains a wurm called sobig.
The subject line contains
“Re: Sample”, “Re: Movies”, “Re: Document” or “Re: Here is that sample” and comes from the adress (From:) big@boss.com.
A .pif file is attached that infects, if executed, the local machine and all machines that are connected by networkdrives. It sends itself to all the email adresses it finds on your system.
I guess it only works on windows machines…
If it does indeed infect your computer you’ll see a pornographic image of some kind and u will find an executable called Winmgm32.exe in your windows folder. It also installs some backdoor to your computer of some kind…
Got all this info from this page:
http://www.heise.de/newsticker/result.xhtml?url=/newsticker/data/pab-14.01.03-000/default.shtml&words=big%40boss%20com
more info:
http://vil.nai.com/vil/content/v_99950.htm
Symantec now have a downloadable virus remover program that will remove all traces of this sobig worm from your comuter. My machine was infected a few days ago, luckely my Norton Anti virus protector picked it up before it could do any damage. I down loaded this small program and it removed the virus straight away.
If this makes any difference I have been scanned by the bejing email extractor on my server. The I.P. that scanned the server was 213.253.214.178, shortly after this I’ve had the big@boss.com email sent to me and also I’ve had a spoolsv.exe trying to send data out to I.P. addresses. Zone Alarm block the data going anywhere. Check you do not have spoolsv.exe passing out data as well.
Mazza
much thanks for the warning. I will delete this mail right now
I have been getting this big@boss.com virus, I traced it to an Internet cafe in Spain. This is what I get in my message header :-NAV14 (unknown [213.172.59.114]) if I look on the email abuse website :- http://www.abuse.net/relay.html and put the above IP in it shows that this Internet cafe is being used as a relay.
big@boss.com sent me the virus, my version of NORTON picked it up some how… I already had the document marked as possibly being infected… So i sent a email message back telling them off, and we will see if they dare to attempt it again…
I have been getting this big@boss.com virus now for about three months, along with a bunch of others. One day last week, I received over 500 e-mails, all with various other subjects and senders. I know that it very well might be the same sender, as they have ways to mask their “from e-mail” address.
Virus protection is not such a big deal, as mine is updated frequently and stops it in its tracks. However, I had to stop using my Outlook Express and access my e-mail through a remote server because of the time it took to download all of those crap messages. I would like to put a curse on big@boss.com at this time for making my life a living hell.
big@boss.com virus was sent to me at the March26-28 2003 period only once and I would like to know from all the people here who received the virus why we may be the ones getting it because this is the 1st virus sent to me and it has come at a period of time when i have been doing more research then i have ever done in regards to gov. scheming. ALSO: a curious thing is that in the same yahoo bulk folder that the virus was in was a separate email without any message in the body with a return email address…i entered the email into google and 1 page came out, it was a text list of network companies and the email address i entered into google was listed as a company in Mexico…a virus email and a separate email related to network security in the same bulk folder? Are network security firms working with virus makers so they get more business? nah, not in this flawless “democracy.” I think they are working with each…yes it’s fuct, but let’s investigate this matter further!
I’ve been getting email from big@boss.com everyday for about 1 month. I never open it. It possibly could be a virus. Who ever is repsonsible needs to be stoped. It just a waste of time..
Like a dumbass, I thought it looked like a file someone from work may have sent to me. I opened it yesterday, and today I’ve been having problems with my browser. I followed the advice of a previous poster, and downloaded the Symantec virus remover specific for this virus. I ran the program (160K), and it DID find the virus, and repaired it. Now my browser works like before. And it was free!
Thank you so much you lovely fellow cyberpeople. I just rec’d an E-mail from big@boss.com. I recenty posted a request for submissions for a book on craiglist, so of course I’m getting a ton of responses from strangers. I specifically asked for Word docs if they are sending an attachment. This was a ‘movie’ file with the Subject: Examples. If I didn’t do a search for this first, I would have opened it. Take care!
Hi there. I started getting these e-mails from big@boss.com about 3 months ago. First I got them every so many weeks then it stopped. Now I’m getting them again. Since I’ve been getting them more recently the subject has constantly been Re:movies which is quite strange because I am currently working with an independant film company. Anyway I tried to e-mail them back telling them to stop sending me this crap. Seconds later I recieved an e-mail from yahoo saying the address doesnt exsist. If it dont exsist then how is it possible that someone can send these and why cant we reply?
I’ve received the virus on my Yahoo! mail and the good thing is that you can scan the mail with Norton and it will find it. For the users of Yahoo!mail I recommend that you always use Norton AV when you receive mail from unknown e-mail adresses.
P.S. Subject was: “RE: Here are those samples”
I’ve just started receiving these emails…Yes I got the “samples” in the subject, and Norton Anti virus always catches it. Rather bothersome little buggers aren’t they?
Kudos to Michael..this is the top Google search for finding this virus reference. Thanks for posting the Symantec link. I’m heading there now to get rid of the virus.
Kudos to Michael..this is the top Google search for finding this virus reference. Thanks for posting the Symantec link. I’m heading there now to get rid of the virus.
Man,
Just got the big@boss virus for the first time…dam thing.
Peace.
Just like everybody else…I got the big@boss.com Emails, which contain the virus….whats this about MIT being responsible???? Luckily enough BT Openworld spotted and erased the file before it got to me. They were using Symantec’s Norton Anti Virus so for those of you who have tried searching their database and not finding anything is very odd!!!!
Mark
A message to the BABOON sending out the shit from the big@ address: With several law enforcement agencies now notified, plus after pissing off several BIG 6’8″ “Guidos” here, you might as well seek refuge with Bin Laden, because we’re going to get you!
Moral of the story is Don’t open a .pif file from a stranger. Hell, I don’t even open .pif files from friends… I mean… who’s gonna send you a .pif anyway? Especially without telling you???
I run Analog X ‘s Script Defender.
It’s free and it stops most malicious scripts before they execute. http://www.analogx.com
Okay, I recieved an email from big@ boss. com (space intended) in my Yahoo! account. Normally, there would be the attachment info @ the bottom of the page, giving me the options to “save to briefcase” OR “download” OR “scan with norton”. Since I opened the email, but saw/opened no attachments, DO I HAVE THE BIG@ BOSS. COM VIRUS??
I just got the big@boss virus for the first time today. Despite the fact that ive never given out my email address yet. And as if that wasn’t bad enough i open the file.. several times. but it did absolutely nothing. I also saved it on my pc. I’m trying to see if i can open it. with different types of programs or an editor. It must be written in some language, i’m not a programmer but i am very curious to see whats in it…
So now i’ll go and continue clicking on that file untill i get bored. Later
Got the big@boss.com email today with a doc attached… Norton picked it up straight away and dealt with it.
I am getting mails everyday from big@boss.com,
it contains virus. Is there any way to stop getting mails from big@boss.com?
please suggest
Cheers…venki
HI
I have been getting this every couple of days for over a month now, 3 times today already. thank god for norton.
regards
phil
HI
I have been getting this every couple of days for over a month now, 3 times today already. thank god for norton.
regards
phil
Hi,
I just wanted to say thank you to Michael for this very useful forum, and thank you to all those who posted information on how to clean their computer of this virus.
Sheila
Pretty long comments, actually.
As everyone else here I got some mails from Pigboss. I don’t really remember when I got the first mail from it but as I don’t give my mail to anyone I took a look at the mail, saw the size and scanned it. Web.de said ‘Virus’. One click later… finished. Now I’m gettin’ 2-5 mails from Pigboss, and as it looks here, we have NO IDEA from where it’s coming or who made it!
Hope we’ll find some way to kick his @$$ pretty hard
And why the heck does the site here wants the email address?
Getting 2 a day from the Boss man… but Mac-ed up, so it does little more than waste time downloading.
big@boss.com? Get real. Must be smallfry@lowleveltraineejerk.com
I have been reading all your posts. I am getting the same e-mail sent to me too, EVERYDAY!!!…in my yahoo mail. Usually, it says Documents, Sample, or Movies & is 88k. I knew right away it was a virus, I spammed it & got it going in my bulk mail now. This idiot must have (no life) to try to ruin someone else’s computer on a daily basis. Sick kicks. Is anyone trying to find out where this person is originating this crap, so he can be stopped??
I get emails from big@boss.com at least 2-3 times a day. It’s more annoying than anything because first, I would never open the attachment anyway, and second, I am on a Mac and don’t have to worry about things like this.
I keep getting big@boss.com text messages on my cell phone!?!?
It’s annoying as hell!
Got the email on Friday, opened it thinking it was from my friend a big Kung fu fan, big mistake. Saturday morning, turned on my Mac to read my mail. got a bad internet preferance file. sorted it out with Nortons but have ended up with most of my mp3 collection and my emails wiped out. Has anyone else had this problem?
A nice new version has arrived in my inbox this morning, purporting to come from support@microsoft.com.
It’s another I-Worm, and is in an attachment called “application.pif” although pif is apparently sometimes shortened to .pi. The subject is “screensaver”.
See the MS support site for more info.
Yo, has anybody ran into the whois report on this bug… I’m sure this is mobile as well, but thought I’d through the info out just in case. Check it out::
Boss Game Studios
Colin Gordon
15400 NE 90th ST Suite 300
Redmond, WA 98052
US
Phone: 425-556-0440
Fax..: 425-556-0547
Email: colin_gordon@bossgame.com
This is what the whois report says about the person that owns boss.com… Though boss.com, bossgame.com and more are not live they are being used… If you send an email to these addresses they are sent back with a different attachment… server is set to autorespond with another .pif file… Smart but not smart enough… It has to be a mobile or personal server to be pushing invisible info like this…No other legit hosting company would allow this…Unless they didn’t know about it. Is there a way to track the host server? I can’t believe another hacker couldn’t trace this motherF*%ker down. If you ever find the source, post it, let everyone know…
Thank God “Zone Alarm” picked this up. If it didn’t I’d be sunk. How long is this prick(ette) going to be able to hide. Time to sick the dog’s on ’em. Any info. on this individual would be appreciated. -WEEZE345-
Cannot get rid of big@boss.com even with live update. Any suggestions please.
That with Support@Microsoft.com sounds familiar to me 🙁 Got two of ’em already. Someone must stop this damn bastard. I’m gettin damn crazy. Wait until I get my fingers on him. I’ll force him to eat his damn worms!!! Gaah
i first recieved this virus mid jan of this year. i deleted it without opening it. it had, unfortunately been opened by a colleague of mine and the infected his machine. as the name was similar to my company i was asked to check it out – not out of concern for it being a virus but from the email address. after a long break from that virus, over the last few weeks i am getting around 4 per day from big@boss.com on various other email addresses with my domain. also receiving on a daily basis the support@microsoft.com i suspect that there is some sort of bot looking for valid email addresses as i am receiving this virus on mail addresses which are brand new (2 weeks old).
I get same email, but how do I know who it is sending it to me? I’m kinda wondering if it’s a friend that got it and I”m intheir address book or if it’s just some virus that found my address.
I have been getting the same e-mails for a couple of months now! It’s the most annoying thing ever as I use outlook express and it takes ages to download it every time! I’ve tried e-mailing them to tell them to go F* theirselves, but was wandering if there was some tool around which can track where it was sent from!? (Have also recieved the support@microsoft.com ones).! arghh
I have been getting this email address to my Yahoo Group. Luckily, not the actual group, just the owner email address.
Set a simple Mozilla Filter and big@boss.com goes bye bye immediatly.
Thanks for this informational page.
Just recieved two emails from big.boss.com, if anyone out there hasnt got the freetrial AVG software I would suggest they do so, it detects it as a worm visus and irradicates it immediately, I downloaded my version free and it wasnt even up to date.
I’m glad I found more info here, furthermore the only secondary web page i ever gave my email address to was DOWNLOADS.COM, I am not blaming them but it seems strange that the day after I registered with them I recieved this virus.
I hope this is informative to anybody who has trouble with the virus.
Best regards
Martin
i thought i was the only person gettin this shit. how can i stop it besides deleting it!???
I suspect BIG BOSS coming from server in Canada.The world must track and kill this enemy of freedom. It is possible that a terrorism group is behind this virus
I caught it in time and deleted it. I spotted it with Norton. There IS a website (yahoo search engine) that’s out of Poland, maybe. It’s just Boss.com.
Anybody know what adc[1]pdf.scr is? It’s got something.
Thanks,
Bill
Look, I’m new at this, but since the only “boss.com” I found is followed by a country identity: pl (There’s also another one: tw. I have no idea what that one would be[Thailand?]), then it makes sense that the person that took out the “boss.com [add country here]” domain is very close to the guy who is sending out the virus, from the U.S., of course, which doesn’t have a country code after it’s “.com’s”.
So, find this guy, you’re on the right track(?).
Bill
In a word EBAY!! I got the message to three different addresses that appear nowhere else on the net other than my Ebay auctions. This virus must scan ebay somehow for it to have found all three addresses – USED ON DIFFERENT AUCTIONS so it must somehow scan past auctions too.
Thank goodness I found this site. I began thinking that I must have offended someone somewhere and was being personally attacked–big ego huh, but not as big as big boss’s. Now that I am in the same boat as millions here is my suggestion (I’m a total computer novice so this might not work)–can we pressure all our isp’s to reject that domain name so instead of individual filters our ISP acts as the big ole filter. Short term probably huh? Techies, your thoughts?
I too have that stupit email of big@boss.com today (July 2nd 2003) this person thinks I will open a zip file and he/she gotta to be crazy! I do not open zip files or any type.. if this person thinks that emailing to yahoo have to soo dumb butt or not very intelengent(misspell) for doing soo! and Yea I alreay knew it was a virus type that distory files and Documents and also including stuff that is needed for things like school work I have to use! Man! does this person learn to leave us alone its like we have enough problems as it is.. well I will not leave my email nore my web site on this place because I love my privicy.. Hear ya soon! RealDemona the one and only insane one from the Big Gargoyle fan and My old cartoons from Filmation. 🙂
stupid bigboss, he thinks that all of us would fall right into his trap. good thing i have anti-virus norton here. but you know what?(not yet right?) if it hadn’t for this search i maybe had been a victim. its really tempting to open those attachment, i got seven of them, each one the very same attachment at a day. how could that be-i was thinking… then i remembered that i signed up for free stuffs from websites like: hungover.net a lot of times and i cant even remember an email from them.
Well i had to thank this site for the big boss news. if it weren’t for you, i could not send this message.hope this helps… (and makes me one of the famous once…hehehe)
I post some critical comments about US foreign policfy on Yahoo news groups and an rewarded by being sent the big boss virus.
I never open attachments from unknown people and especially not from something called big@boss.com
My take is that it’s some right wing vigilante punishing people for not supporting the axis of stupidity
Bush Blair and Berlusconi
the KKK has become the BBB
PS Do any of you profess right wing opinions, if so that may disprove my theory
I got an e-mail from big@boss.com with the subject RE:document yesterday, fortunately i don’t bother with e-mails that i don’t recognise the sender. I got another one today and decided to scan it and lo and behold norton anti-virus detected a virus. It’s a good thing this page exists to inform people about such virus attacks. The question now is how did it get my e-mail address?
Yes i get emails from big@boss.com and its making me crazy.
I get at least 2 a week.
No one can figure out where its coming from:(
Who the Heck is this big@boss.com??? Cause i know its a virus its just that my virsus protection is’nt picking anything up????? Well when someone finds out something please email me ………
snakoon@yahoo.de
j’ai plein de mails de bib boss
je le filtre en tant que courrier in desirable mail il apparait toujours.
Que faut il faire pour ne plus recevoir de ces mails???
Merci.
I keep getting the Big@boss.com virus.
I am lucky enough to have Norton installed and it is dealing with it every time. I just hope that it hasn’t infected my system. I have reported it to my ISP but they tell me just to block the sender.
I sometimes get two a day and then nothing for over a week.
It really bugs me know.
Got one from Big@Boss.com this morning, scanned it, lo abd behold virus found, reported it to Yahoo and blocked any future e-mails.
Seems that this one is not going to go away, when will they start trying to find the sad individuals responsible for this nonsense?????
big@boss.com is nothing. just dont open files from anyone unless you know the senders. if you can not verify any data from the person that did send you the message just delete it.
remember when you have dought about a file best thing to do is to contact the person and ask for the origine of the file.
best regard
wormcatcher
I got the email from Big@boss.com and I opened it, but I scanned the attachment and it found a virus. Do I get the virus even if i didnt open the attachment? I just opened the email, am i ok?
I did a ‘Who Is’ search for the domain boss.com and the following is what turned up….
Boss Game Studios
Colin Gordon
15400 NE 90th ST Suite 300
Redmond, WA 98052
US
Phone: 425-556-0440
Fax..: 425-556-0547
Email: colin_gordon@bossgame.com
Does anybody know where to go to to report this idiot?
JD
Re JD’s post
The Virus isn’t likely to have anything to do with the “boss.com” domain. Most likely that domain name was picked by the virus writer either completely at random, or perhaps because they have something against the owner of boss.com.
I think I’m correct in saying that the virus will have been sent to you by someone with your email address in their Outlook address book. So it could be a friend, co-worker or whatever. It’ll be someone you’ve had contact with. They didn’t send it intentionally of course! They have received one of these virus emails and opened the attachement. That infected them, and the virus send out copies of itself to everyone in their address book!
What I want to know is, in the email headers, there’s an entry showing the IP address the mail was received from when my ISP’s mail server picked it up. *I think* this IP is the one the sender (i.e. friend/co-worker/whatever) was using at the time. If this is correct (NOTE – this is an assumption on my part!), then you could tracert that address. This might give you useful information; in my case, I can see what ISP the sender uses…. which at leasts limits down the people who could’ve sent it!
Best regards,
Peter.
Just got this one today, my mother called saying that her computer wouldn’t open this attachment from her boss (*laughs quietly*). We went through basic troubleshooting, yadda yadda, and I asked her what the filename was, thinking that she didn’t have the right kind of reader installed or whatnot… “something.pif”. BINGO! Sent her to Trend Micro’s Housecall site. It found it and cleaned it immediately. Here’s hoping that it does a good job. When I get back to work on Tuesday, I’ll make sure it’s not still running as a process, but I think it’s probably ok.
Has anyone found out exactly what the payload is? All I have gathered in the last few minutes of fact-finding is that it propigates itself through email. Is that it? Kinda lame for a virus.
Hallo
I received this Big@Boss Mail several times until today.
The first mail arrived about 4 months ago. Another mail followed two days later and anonther maybe one week later. I also searched for the sender – but no chance.
Then it went quiet. Now two weeks ago i got a mail from Big@boss again. Again with this little .pif File. 🙂
I am not sure if this is by purpose or not. But if the one who does this is reading my messsage now – then i want to tell you: send me more of your files – but please not always the same. 🙁 There are millions of viruses out there but you always send only this stupid worm. (sorbig)
Ok – so please next time a different one – or let it be.
Greets
Peter
Spotted the virus before I opened it. It’s still out there.
I am getting inundated with emails stating that I sent an email with the sobig virus, which of course I didn’t. Is there anyway to STOP all of these emails , as I have received hundreds over the past few days. I am using Macintosh.
I am a Yahoo! Mail user. There’s been maybe several times I received from the fuckin’ big@boss.com. It’s been unlucky of me to uncover the attachement sent along with: It could be the cause of damage that my comp syst had now! Second time I received this anonymous message again. Suspicious, I scanned it with norton anti-virus scan available. It proved! The file is not clean!
My advise is, always use an anti-virus scanner to scan any suspected unclean documents before you open it.
got a question:
some oe attachments i receive via email require opening several times in order to view – between 3 to 7 times. i’ll double click the attachment and receive the prompt to ‘open’ or ‘save.’ then click ‘open’ and i see yet another email window like the original w different addressees requiring me to double click the attachment once again. and again.
it’s a painful process. i believe the long history following these emails is causing the multiple open prompts. the offending emails last came from aol to me at socal.rr. i’ve asked the sender to remove each e-mail’s history prior to sending with no results. she’s either lazy and not doing it or it ain’t working. what can be done?
Cal Blair
E krstncal@socal.rr.com