OT-Fw: Sophos: How to protect against Sobig-F second wave attack


Roger, Colfax WA
----- Original Message ----- 
From: "Sophos Alert System" <emergency-return@lists.sophos.com>
To: <emergency@lists.sophos.com>
Sent: Friday, August 22, 2003 6:26 AM
Subject: Sophos: How to protect against Sobig-F second wave attack


> SOPHOS ADVISES ON HOW TO PROTECT AGAINST SOBIG-F SECOND WAVE ATTACK
> 
> 
> Sophos researchers have published information on a second
> wave attack which the Sobig-F worm may attempt to make
> in the coming hours.
> 
> On infected PCs, Sobig-F will attempt to download code from
> the internet and then run it on the computer.  This occurs
> on Fridays and Sundays at 19:00-22:00 GMT.  This equates
> to the following times in different parts of the world:
> 
> Los Angeles    12 noon -  3:00pm
>      Boston    3:00pm  -  6:00pm
>      London    8:00pm  - 11:00pm
>      Berlin    9:00pm  - 12:00 midnight
>   Hong Kong    3:00am  -  6:00am (Saturday and Monday)
>       Tokyo    4:00am  -  7:00am (Saturday and Monday)
>      Sydney    5:00am  -  8:00am (Saturday and Monday)
> 
> (Note that because of time differences, the attempt
> to download code will happen on Saturdays and Mondays
> in the Far East and Australasia).
> 
> The worm has been programmed to automatically direct infected
> PCs to a server controlled by the virus writer from which a
> malicious program could be downloaded. At the moment, it is
> not known what the download material will do, but
> possibilities include launching another virus or spam
> attack, collecting sensitive information, or deleting
> files stored on an infected computer or network.
> 
> More details on how to prevent the download happening on
> your computers, and information on how to clean up
> a Sobig infection, are available at the following URLs:
> 
>   http://www.sophos.com/virusinfo/analyses/w32sobigf.html
>   http://www.sophos.com/sobig
>   http://www.sophos.com/virusinfo/articles/sobigextra.html
> 
> 
> 
> HOW TO AVOID INFECTION IN THE FUTURE
> 
> If you have not already protected against W32/Sobig-F,
> Sophos strongly recommends you update all installations of
> Sophos Anti-Virus in your company.
> 
> Update your corporate anti-virus software now so that
> you can detect and prevent the W32/Sobig-F worm. If you
> do not have procedures for rapid updates, implement them
> now, because you are sure to need them again. Sophos
> Enterprise Manager is one way to help automate protection
> updates inside your company.  More details are available at:
> 
>   http://www.sophos.com/products/em/
> 
> 
> Ensure you are signed up to Sophos's email list for
> notification of every new virus found in the wild.
> 
>   http://www.sophos.com/virusinfo/infofeed/
> 
> 
> If possible, block all Windows programs at your email gateway.
> Some email applications can be configured to do this. It is
> rarely necessary to allow users to receive programs via email.
> There is so little to lose, and so much to gain, simply by
> blocking all mailed-in programs, regardless of whether they
> contain viruses or not. Sophos MailMonitor for SMTP contains
> pro-active threat reduction technology which can help you
> block dangerous filetypes and executable code at the email
> gateway.  More details are available at:
> 
>   http://www.sophos.com/products/mm/
> 
> 
> Sophos also recommends companies consider adding Sophos's free
> virus infofeed to their public websites or intranet to keep
> their users informed of the very latest virus threats.  The
> feeds are simple to add and easy to configure, ensuring you
> always have up-to-the-minute information.
> 
> Read more about our virus and hoax info feeds at:
> 
>   http://www.sophos.com/virusinfo/infofeed/
> 
> 
> 
> Regards
> 
> Sophos Technical Support
> 

---------------------------------------------------------------------
Pumpkin-growing archives: http://www.hort.net/lists/pumpkins/
To sign-off this list, send email to majordomo@hort.net with the
message text UNSUBSCRIBE PUMPKINS
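
Added example, not part of the Sophos advisory or the forwarded message: a Python check of which internal hosts made outbound connections inside the window the advisory gives (Fridays and Sundays, 19:00-22:00 GMT). It converts local log times to UTC first, so entries stamped Saturday or Monday in the Far East and Australasia are still caught. The log format, the addresses and treating 22:00 as an exclusive end are assumptions; the sample lines are constructed.

```python
from datetime import datetime, timezone

# Window stated in the advisory: Fridays and Sundays, 19:00-22:00 GMT.
WINDOW_DAYS = {4, 6}            # datetime.weekday(): Monday=0, Friday=4, Sunday=6
WINDOW_START_HOUR = 19
WINDOW_END_HOUR = 22            # assumption: end of window is exclusive

def in_download_window(ts):
    """True if a timezone-aware timestamp falls inside the advisory's window."""
    if ts.tzinfo is None:
        # A naive local time cannot be compared with a GMT window safely.
        raise ValueError("naive timestamp: the log's time zone must be known")
    utc = ts.astimezone(timezone.utc)
    return (utc.weekday() in WINDOW_DAYS
            and WINDOW_START_HOUR <= utc.hour < WINDOW_END_HOUR)

# Constructed sample log (assumed format): ISO 8601 time with UTC offset,
# internal source host, external destination (documentation address ranges).
SAMPLE_LOG = """\
2003-08-22T12:05:11-07:00 10.0.4.17 198.51.100.20
2003-08-22T11:59:40-07:00 10.0.4.17 198.51.100.20
2003-08-23T05:30:02+10:00 10.0.9.3 203.0.113.8
2003-08-23T21:15:00+01:00 10.0.2.44 192.0.2.55
2003-08-24T22:00:00+00:00 10.0.2.44 192.0.2.55
2003-08-25T03:10:00+08:00 10.0.7.21 203.0.113.8
"""

def hosts_active_in_window(log_text):
    """Return {internal_host: [UTC timestamps]} for entries inside the window."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, src, _dst = line.split()
        ts = datetime.fromisoformat(stamp)
        if in_download_window(ts):
            hits.setdefault(src, []).append(ts.astimezone(timezone.utc))
    return hits

if __name__ == "__main__":
    for host, times in sorted(hosts_active_in_window(SAMPLE_LOG).items()):
        print(host, [t.isoformat() for t in times])
```

Hosts that appear in the result are candidates for the clean-up steps the advisory links to; a hit only shows outbound activity during the window, not infection.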