SOBIG.F
A new variant of the SOBIG worm is spreading fast.
Best practice to do now:
- update anti-virus scanners, both on desktops,
servers and security perimeters
- communicate safe email handling instructions to all users
(do not open unsolicited attachments, no matter
how tempting the instructions or title are)
- block incoming UDP ports 995 - 999
- block outgoing UDP ports 8998
- monitor for outgoing UDP port 123 traffic (used by NTP clients as well)
for signs of infection
This new variant is rather successful at spreading.
Read more at:
http://www.sarc.com/avcenter/venc/data/w32.sobig.f@mm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561
http://www.sophos.com/virusinfo/analyses/w32sobigf.html
http://www.europe.f-secure.com/v-descs/sobig_f.shtml
Best practice to do now:
- update anti-virus scanners, both on desktops,
servers and security perimeters
- communicate safe email handling instructions to all users
(do not open unsolicited attachments, no matter
how tempting the instructions or title are)
- block incoming UDP ports 995 - 999
- block outgoing UDP ports 8998
- monitor for outgoing UDP port 123 traffic (used by NTP clients as well)
for signs of infection
This new variant is rather successful at spreading.
Read more at:
http://www.sarc.com/avcenter/venc/data/w32.sobig.f@mm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561
http://www.sophos.com/virusinfo/analyses/w32sobigf.html
http://www.europe.f-secure.com/v-descs/sobig_f.shtml
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments