Welcome to the Viruswarning forums.  All your original content has been ported to the new forums as  well as new content and additional opportunities to interact with the authors of Viruswarn.com.  You can always access old content at www.leedrake.com/forum .  You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....

But at least it's all here.

Enjoy!

  Viruswarn Forums
Subject: SOBig.F worm on the loose

Author Messages
EldAztek
Posts:0

08/20/2003 9:40 PM  
What Is It?

The W32/Sobig.f@MM worm, a variant of the W32/Sobig@MM worm from a few months ago, is running rampant on the Internet. Though I usually barely notice even massive virus and worm attacks, I count 15 in my Inbox right now, all arriving within the last hour or so. This new variant was first reported two days ago. Like its predecessors, this variant propagates by mass mailing and by network shares.

Infected messages have a variety of subjects including the following, and possibly others.

    Your details
    Thank you!
    Re: Thank you!
    Re: Details
    Re: Re: My details
    Re: Approved
    Re: Your application
    Re: Wicked screensaver
    Re: That movie

I have seen all of the above subjects in my own mail today.

The attachments have various names, but the important point is that it is a .PIF file. If you have Outlook Express version 6, Outlook 2002, or Outlook 2000 with the Outlook E-Mail Security Patch installed, the attachment will be blocked by your mail program unless you also have the MailSafe feature of ZoneAlarm enabled. If so, the attachment will come through as a .ZMW file, which ZoneAlarm and Outlook will do their best to prevent you from opening.

Like most recent worms, and all of the Sobig predecessors, this worm spoofs the return address, making it very difficult to identify the real sender, and uses its own mail engine to spread itself.

What Should I Do?

Never open unexpected attachments, even if they appear to come from a friend whom you trust. They probably came from a stranger.

Never open any attachment that has an extension that starts with a Z and is accompanied by an icon that looks like the ZoneAlarm icon. Any such file is an attachment that ZoneAlarm has flagged as probably dangerous. If you have ZoneAlarm installed, its icon appears in the right end of the task bar, near the clock.

Disable file and printer sharing unless you really need it. If you must run file and printer sharing, unbind it from TCP/IP. For more on this subject, please refer to http://www.leedrake.com/forum/topic.asp?TOPIC_ID=374 on the VirusWarning Forums Web site.

Better yet, get a good hardware firewall and install it. The authors have used and tested the Linksys BEFSR41 firewall, and the Netgear RP334 firewall. Both provide good protection, and will protect you from this threat. I know from personal experience that the Linksys router is ready to go out of the box for most people. If it needs any adjustment, it will most likely be for a special situation and you will already know what to do.

References

http://www.leedrake.com/forum/topic.asp?TOPIC_ID=374 discusses routers and file and printer sharing services in a different, but related context.

http://vil.nai.com/vil/content/v_100561.htm is the article at Network Associates (McAfee) about this worm.

http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html is the Symantec article on the worm.

This concludes this VirusWarn message.

David Gray
P6 Consulting
V: +1 (972) 751-0254
TZ: USA Central, GMT -5
E: mailto:dagray@p6c.com
W: http://www.p6c.com
VirusWarning Mailing List Info: http://www.leedrake.com/virus_notification.htm

Eternal vigilance is the price of peace - and security.
EldAztek
Posts:0

08/20/2003 9:40 PM  
What Is It?

Shortly after I sent the last message about the W32/Sobig worm, I got a call from fellow list moderator Brett Rabideau, who called to my attention another phenomenon that can occur as a side effect of this and other worms. My employee Sue just sent me an example for comment.

Some of the newer spam killer software has the ability to "bounce" messages that it "thinks" are spam or viruses. Usually, they strip part or all of the attachment and return a message that appears at first glance to be an authentic "bounce" message from a mail server.

What Should I Do?

If you receive a message that appears to be a "bounce" message from a person to whom you have not sent a message within the last day or so, or if it shows an unfamiliar subject such as "my details" as did the message that Sue got, discard it. There is no point contacting the person or organization shown as the sender, as it is almost certainly a spoofed (forged, invalid) address.

This concludes this VirusWarn message.

David Gray
P6 Consulting
V: +1 (972) 751-0254
TZ: USA Central, GMT -5
E: mailto:dagray@p6c.com
W: http://www.p6c.com
VirusWarning Mailing List Info: http://www.leedrake.com/virus_notification.htm

Eternal vigilance is the price of peace - and security.
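The indicators from the two messages above (a .PIF attachment, the listed subjects, and bounce-style replies that echo those subjects) written as a mail-filter check. This is an added example, not part of the original posts; the function names, the bounce heuristic and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subjects quoted in the advisory; compared case-insensitively.
SOBIG_SUBJECTS = (
    "your details", "thank you!", "re: thank you!", "re: details",
    "re: re: my details", "re: approved", "re: your application",
    "re: wicked screensaver", "re: that movie",
)

def looks_like_bounce(msg) -> bool:
    """Heuristic (assumption): DSN content type or a mailer-daemon/postmaster sender."""
    sender = str(msg["From"] or "").lower()
    return (msg.get_content_type() == "multipart/report"
            or "mailer-daemon" in sender or "postmaster" in sender)

def classify(raw: bytes) -> str:
    """Return 'block', 'suspect-bounce' or 'pass' for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # walk() also descends into a message/rfc822 part returned inside a bounce.
    for part in msg.walk():
        # Windows ignores trailing dots and spaces, so strip them before the check.
        name = (part.get_filename() or "").rstrip(". ").lower()
        if name.endswith(".pif"):
            return "block"
    subject = str(msg["Subject"] or "").strip().lower()
    if looks_like_bounce(msg) and subject.endswith(SOBIG_SUBJECTS):
        return "suspect-bounce"  # attachment stripped, worm subject echoed back
    return "pass"

def sample(sender: str, subject: str, attachment: str = "") -> bytes:
    """Build a constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("Please see the attached file for details.")
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    for args in [("friend@example.com", "Re: Details", "Details.PIF"),
                 ("MAILER-DAEMON@mail.example.net", "Undeliverable: Re: Approved"),
                 ("MAILER-DAEMON@mail.example.net", "Undeliverable: Budget"),
                 ("friend@example.com", "Thank you!", "notes.pdf")]:
        print(args[1], "->", classify(sample(*args)))
```

The attachment extension decides the block on its own, since the sender address is spoofed and the subject list is not exhaustive; the subject match is only used to sort out bounce-style messages whose attachment has already been stripped.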
Copyright 2006 by OS-Cubed, Inc.