Companies can take a few simple steps to prevent being infected by the mass-mailing Sobig-F worm, which appeared...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
this morning on the Internet. These steps would also protect an enterprise against a host of other mass mailer worms.
Technically, Sobig-F is very similar to its predecessors. In fact, it is very similar to other worms this year. These tips highlight ways to be Sobig-F free.
Update, update, update: Updating antivirus signature files is the best protection against Sobig-F. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Sobig-F.
Consider restricting Web-based e-mail. Accessing Web-based messages often circumvents a company's antivirus protections. Experts have blamed Web-based e-mail as the vector worms have used to slither into enterprise networks.
Block files with .pif and .scr extensions at the gateway: Sobig-F is an executable that travels as an attachment to e-mail messages. The worm is saved as either a .pif or .scr file extension. Generally, companies don't need to let such files in as they don't have business uses. For example, Program Information Files (PIFs) are a deep file utility in Windows. It can also travel as a screensaver file (.scr).
Block specific subject lines: Content filtering software can be set to look for the subject lines used by Sobig-F. Chances are this shouldn't impact most businesses. Following are the subject lines used by Sobig-F:
Re: Thank you!
Re: Re: My details
Re: Your application
Re: Wicked screensaver
Re: That movie
Block specific filenames: Sobig-F arrives using various filenames. This too could be blocked to prevent infection. Following are the specific file names used by Sobig-F:
Educate your users about proper e-mail security. Often they are the best (or worst) line of defense against viruses. They need to know not to open an e-mail attachment unless sure of what it is -- even if it comes from someone they know. Sobig-F spoofs e-mail addresses so it can appear to come from someone legitimate.
Secure network file shares Sobig-F can spread by copying itself to Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.
FOR MORE INFORMATION:
FEEDBACK: How do you prioritize your patching processes?
Send your feedback to the SearchSecurity.com news team.