Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog


Sobig-F hibernation

Published: 2003-09-09
Last Updated: 2003-09-09 14:08:21 UTC
by Handlers (Version: 1)
Today will be the last day for Sobig-F to propagate. While it will no
longer send e-mail to spread, Sobig-F will not uninstall itself, and infected
systems continue to be vulnerable to future upgrades via the backdoor
installed by Sobig-F.

As a reminder: If you are using a virus scanner on your mail server,
please make sure that it does not send notifications to the senders
of infected e-mails. Most recently released worms, including Sobig,
use fake "From" headers. As a result, notification e-mails can flood
innocent bystanders and cause considerable pain to mail systems.

Based on Sobig's history, a new version may be released soon. Ensure
your users know not to click on ANY unsolicited attachments.

Recent Office vulnerabilities may open new vectors for viruses to
spread. Update vulnerable systems as soon as possible. The vulnerabilities
affect essentially all versions of Microsoft Office and Microsoft Works.
For Office updates see:
These patches will not be offered by Windows Update.