Simple steps stem Sobig-F's progress

Administrators take note. Putting a halt to the progress of the Sobig-F worm is as simple as taking a few preventative measures outlined here.

Companies can take a few simple steps to prevent being infected by the mass-mailing Sobig-F worm, which appeared this morning on the Internet. These steps would also protect an enterprise against a host of other mass mailer worms.

Technically, Sobig-F is very similar to its predecessors. In fact, it is very similar to other worms this year. These tips highlight ways to be Sobig-F free.

Update, update, update: Updating antivirus signature files is the best protection against Sobig-F. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Sobig-F.

Consider restricting Web-based e-mail. Accessing Web-based messages often circumvents a company's antivirus protections. Experts have blamed Web-based e-mail as the vector worms have used to slither into enterprise networks.

Block files with .pif and .scr extensions at the gateway: Sobig-F is an executable that travels as an attachment to e-mail messages. The worm is saved as either a .pif or .scr file extension. Generally, companies don't need to let such files in as they don't have business uses. For example, Program Information Files (PIFs) are a deep file utility in Windows. It can also travel as a screensaver file (.scr).

Block specific subject lines: Content filtering software can be set to look for the subject lines used by Sobig-F. Chances are this shouldn't impact most businesses. Following are the subject lines used by Sobig-F:


Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

Block specific filenames: Sobig-F arrives using various filenames. This too could be blocked to prevent infection. Following are the specific file names used by Sobig-F:


your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

Educate your users about proper e-mail security. Often they are the best (or worst) line of defense against viruses. They need to know not to open an e-mail attachment unless sure of what it is -- even if it comes from someone they know. Sobig-F spoofs e-mail addresses so it can appear to come from someone legitimate.

Secure network file shares Sobig-F can spread by copying itself to Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.

FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Emergence of Sobig-F adds to malware mess"

SearchSecurity.com news exclusive: "Benevolent Nachi worm doing more harm than good"

Virus Alert -- Sobig-E

SearchSecurity.com Ask the Experts

FEEDBACK: How do you prioritize your patching processes?
Send your feedback to the SearchSecurity.com news team.

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close