Five days after its first appearance, the W32/Sobig-A worm continues
to cause problems. Sophos has received an increasing number of
requests for information about how to protect against the worm.

The email always has the following address in its 'From' field:
big@boss.com, but its subject line is randomly chosen. Its infected
attachment is a .PIF file that can have one of four names. If
opened, it copies itself to a Windows folder as an .EXE, searches
the Windows local hard drive and tries to extract a list of
recipient email addresses to which the worm will attempt to send
infected emails.

"Today's viruses travel fast, and the Sobig worm is no
exception," said Carole Theriault, anti-virus consultant at Sophos.
"Everyone should always treat attachments with suspicion. Configure
your anti-virus gateway protection to block all executable file
types from even entering a company. Putting this in place will
significantly lower your chances of infection by a mass-mailing
worm masquerading as an innocent attachment."

If you have not already protected against W32/Sobig, Sophos
strongly recommends you update all installations of Sophos
Anti-Virus in your company.

How to avoid infection in the future

Update your corporate anti-virus software now so that you can
detect and prevent the W32/Sobig-A worm. If you do not have
procedures for rapid updates, implement them now, because you are
sure to need them again. Sophos Enterprise Manager is one way to
help automate protection updates inside your company.

If possible, block all Windows programs at your email gateway.
Some email applications can be configured to do this. It is rarely
necessary to allow users to receive programs via email. There is so
little to lose, and so much to gain, simply by blocking all
mailed-in programs, regardless of whether they contain viruses or
not. Sophos MailMonitor for SMTP contains pro-active threat
reduction technology which can help you block dangerous filetypes
and executable code at the email gateway.
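
The gateway rule described above, rejecting mailed-in Windows programs by file type rather than by virus signature, can be expressed as follows. This is an added example, not Sophos code; the extension blocklist, the function names and the sample filenames are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Assumed blocklist of Windows program extensions; extend to suit local policy.
BLOCKED_EXTENSIONS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}


def effective_extension(filename: str) -> str:
    """Return the extension Windows would act on, lower-cased."""
    # Windows ignores trailing dots and spaces, so "a.pif. " is still a .pif file.
    cleaned = filename.strip().rstrip(". ")
    return PureWindowsPath(cleaned).suffix.lower()


def blocked_attachments(raw: bytes) -> list[str]:
    """List attachment names in a raw message that the gateway should reject."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # walk() also descends into forwarded message/rfc822 parts.
    for part in msg.walk():
        name = part.get_filename()
        if name and effective_extension(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(filename: str, payload: bytes) -> bytes:
    """Construct a test message; recipient, filename and payload are made up."""
    msg = EmailMessage()
    msg["From"] = "big@boss.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("Sample.PIF", "notes.txt.pif", "report.pdf"):
        verdict = blocked_attachments(build_sample(name, b"not a real program"))
        print(f"{name!r}: {'REJECT' if verdict else 'accept'}")
```

Only the final extension decides the verdict, so a name such as notes.txt.pif is rejected even though it looks like a text file. Programs hidden inside archives are not caught by filename matching and need a separate check.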

Many viruses have exploited loopholes in commonly used web
browsers and email software (e.g. Internet Explorer, Outlook and
Outlook Express) to increase their chances of spreading
effectively. Microsoft has issued a patch which addresses this and
other vulnerabilities, and it can be downloaded from
www.microsoft.com/technet/security/bulletin/MS01-027.asp.

Every IT manager responsible for security should consider
subscribing to vulnerability mailing lists such as that operated by
Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp.
Other vendors offer similar services.

If you are a home user you may like to consider visiting
windowsupdate.microsoft.com, a site run by
Microsoft, which can automatically scan your computer for
vulnerabilities and suggest which security patches need to be
downloaded.

More than 100 million users in 150 countries rely on Sophos as the best protection against complex IT threats and data loss. Sophos offers security and data protection solutions that are simple to manage, install and deploy, and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption and endpoint security products, as well as solutions for web and email security and Network Access Control (NAC). The offering is backed by SophosLabs, a worldwide network of the company's own analysis centres. With more than 20 years of experience, Sophos is ranked by the top analyst firms among the leading companies for IT security and data protection and has received numerous industry awards.

Sophos is headquartered in Boston, USA, and Oxford, UK. In Germany the company is based in Wiesbaden, and it has one location each in Austria and Switzerland. Further information: www.sophos.de.