Sophos researchers have published information on a second wave attack which the Sobig-F worm may attempt to make in the coming hours.

On infected PCs, Sobig-F will attempt to download code from the internet and then run it on the computer. This occurs on Fridays and Sundays at 19:00-22:00 GMT. This equates to the following times in different parts of the world:

- Los Angeles 12 noon - 3:00pm
- Boston 3:00pm - 6:00pm
- London 8:00pm - 11:00pm
- Berlin 9:00pm - 12:00 midnight
- Hong Kong 3:00am - 6:00am (Saturday and Monday)
- Tokyo 4:00am - 7:00am (Saturday and Monday)
- Sydney 5:00am - 8:00am (Saturday and Monday)

(Note that because of time differences, the attempt to download code will happen on Saturdays and Mondays in the Far East and Australasia).

The worm has been programmed to automatically direct infected PCs to a server controlled by the virus writer from which a malicious program could be downloaded. At the moment, it is not known what the download material will do, but possibilities include launching another virus or spam attack, collecting sensitive information, or deleting files stored on an infected computer or network.

More details on how to prevent the download happening on your computers, and information on how to clean up a Sobig infection, are available at the following URLs:

http://www.sophos.com/virusinfo/analyses/w32sobigf.html
http://www.sophos.com/sobig
http://www.sophos.com/virusinfo/articles/sobigextra.html

HOW TO AVOID INFECTION IN THE FUTURE

If you have not already protected against W32/Sobig-F, Sophos strongly recommends you update all installations of Sophos Anti-Virus in your company.

Update your corporate anti-virus software now so that you can detect and prevent the W32/Sobig-F worm. If you do not have procedures for rapid updates, implement them now, because you are sure to need them again. Sophos Enterprise Manager is one way to help automate protection updates inside your company. More details are available at: http://www.sophos.com/products/em/

Ensure you are signed up to Sophos's email list for notification of every new virus found in the wild. http://www.sophos.com/virusinfo/infofeed/

If possible, block all Windows programs at your email gateway. Some email applications can be configured to do this. It is rarely necessary to allow users to receive programs via email. There is so little to lose, and so much to gain, simply by blocking all mailed-in programs, regardless of whether they contain viruses or not. Sophos MailMonitor for SMTP contains pro-active threat reduction technology which can help you block dangerous filetypes and executable code at the email gateway. More details are available at: http://www.sophos.com/products/mm/

Sophos also recommends companies consider adding Sophos's free virus infofeed to their public websites or intranet to keep their users informed of the very latest virus threats. The feeds are simple to add and easy to configure, ensuring you always have up-to-the-minute information. Read more about our virus and hoax info feeds at: http://www.sophos.com/virusinfo/infofeed/

Regards
Sophos Technical Support
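The download window above is stated in GMT, so logs stamped in local time have to be normalised before they are checked against it. The following is an added example, not part of the Sophos advisory or any Sophos tool: it flags internal hosts that made outbound connections inside the Friday/Sunday 19:00-22:00 GMT window. The log format, function names, sample lines and the exclusive end of the window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, time, timezone

# Window stated in the advisory: Fridays and Sundays, 19:00-22:00 GMT.
WINDOW_DAYS = {4, 6}        # datetime.weekday(): Monday=0, so Friday=4, Sunday=6
WINDOW_START = time(19, 0)
WINDOW_END = time(22, 0)    # assumption: the end of the window is exclusive


def in_download_window(ts):
    """True if an offset-aware timestamp falls in the window after conversion to GMT."""
    if ts.tzinfo is None:
        raise ValueError("timestamp has no UTC offset, cannot place it in the GMT window")
    utc = ts.astimezone(timezone.utc)
    return utc.weekday() in WINDOW_DAYS and WINDOW_START <= utc.time() < WINDOW_END


def hosts_active_in_window(log_lines):
    """Map each internal source host to the destinations it contacted in the window."""
    hits = defaultdict(list)
    for line in log_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        stamp, src, dst = line.split()   # hypothetical format: timestamp source destination
        if in_download_window(datetime.fromisoformat(stamp)):
            hits[src].append(dst)
    return dict(hits)


# Constructed sample log (constructed dates, documentation-range destination addresses).
SAMPLE_LOG = """\
# timestamp source destination
2003-08-22T18:59:59+00:00 10.0.0.8 192.0.2.10
2003-08-22T19:05:12+00:00 10.0.0.21 192.0.2.10
2003-08-22T12:15:00-07:00 10.0.0.21 198.51.100.7
2003-08-23T03:30:00+08:00 10.0.0.34 192.0.2.10
2003-08-23T19:30:00+00:00 10.0.0.55 192.0.2.10
2003-08-24T22:00:00+00:00 10.0.0.55 192.0.2.10
2003-08-25T05:10:00+10:00 10.0.0.8 198.51.100.7
""".splitlines()

if __name__ == "__main__":
    for host, dests in sorted(hosts_active_in_window(SAMPLE_LOG).items()):
        print(host, "->", ", ".join(dests))
```

The Saturday 03:30 (+08:00) and Monday 05:10 (+10:00) lines are flagged because they fall on Friday and Sunday evening in GMT, which is the day shift the advisory notes for the Far East and Australasia.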