WSO Newsletter - August 2003
======================> WSO Newsletter <======================
h t t p : / / w w w . w s o . n e t
August 2003 ISSUE: 071
1. Miva Software Upgraded Again
2. Sobig.f virus, Spam and wso.net
-> Useful WSO Links
Newsletter Back Issues - http://www.wso.net/news.htm
Referral Program - http://www.wso.net/referral.htm
Tech Support - http://www.wso.net/support.htm
-> ARTICLE #1: Miva Software Upgraded Again ====================
Miva Empresa and the Miva Virtual Machine have been upgraded to
the newest versions available. This should provide the most
stable Miva environment possible to date.
This Miva software is the "engine" that runs Miva scripts and
the Miva Merchant e-commerce software.
Current Engine Versions:
Empresa (non-compiled .mv): 3.9700
Virtual Machine (compiled .mvc): 4.1000
In addition, all Miva Commerce libraries have been upgraded.
NOTE: If you are a Miva Merchant user be sure you have the
latest modules available. Look at the left side-bar on the
following web page: http://www.miva.com/docs/
-> ARTICLE #2: Sobig.f virus, Spam and wso.net =================
The Sobig virus has hit everyone hard. The impact on a web host
is multiplied hundreds of times because of all the additional
When Sobig.f hit we quickly installed filters in our e-mail
system to simply refuse connections from other mail servers
if they tried to send one of our users the virus. These filters
still allowed those same mail servers to send legitimate e-mail.
On top of the Sobig virus, wso.net was the target of a forged
spam "attack." Spammers have the ability to forge the FROM
address of any spam they send. They can pick any e-mail address
they like, there is no verification in the current SMTP
An "ingenious" spammer probably figured out that if the FROM
address on the spam was made to appear to be coming from a
legitimate and respectable domain, then there would be less
chance that it would flagged as spam.
Unfortunately the wso.net domain name was used in the forged
FROM address of thousands of spam e-mails. The "attack" lasted
about two days. Then something strange started happening.
Apparently computers infected with the Sobig.f virus received
some of this forged spam. Sobig then picked up the forged FROM
address and begin sending out virus laden e-mails using the
forged address. So now not only were people receiving spam that
looked like it came from us, they were now receiving e-mails
with viruses attached!
Let it be clear that wso.net never sent ANY of these messages.
wso.net's web servers and office computers were never infected
and no spam originated from wso.net.
Fortunately things are calming down. People are getting their
computers inoculated from Sobig and the forged e-mails are
becoming less and less frequent, at least for wso.net. There
are hundreds of other companies who have been taken advantage
of in the same way. Luckily wso.net received very few complaints
and was never put on any spam blacklists because of the
For a fantastic article on the Sobig virus, please read the
Some people who receive forged e-mails come to our web
site to see who we are. We wrote this web page for them:
(c) Copyright 1995-2003, All Rights Reserved
the Web Space Outlet