Simple steps stem Sobig-F's progress

Edward Hurley, SearchSecurity.com News Writer

Companies can take a few simple steps to prevent being infected by the mass-mailing Sobig-F worm, which appeared this morning on the Internet. These steps would also protect an enterprise against a host of other mass mailer worms.

Technically, Sobig-F is very similar to its predecessors. In fact, it is very similar to other worms this year. These tips highlight ways to be Sobig-F free.

Update, update, update: Updating antivirus signature files is the best protection against Sobig-F. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Sobig-F.

Consider restricting Web-based e-mail. Accessing Web-based messages often circumvents a company's antivirus protections. Experts have blamed Web-based e-mail as the vector worms have used to slither into enterprise networks.

Block files with .pif and .scr extensions at the gateway: Sobig-F is an executable that travels as an attachment to e-mail messages. The attachment carries either a .pif or a .scr file extension. Generally, companies don't need to let such files in, as they don't have business uses. For example, Program Information Files (PIFs) are a deep file utility in Windows. The worm can also travel as a screensaver file (.scr).

Block specific subject lines: Content filtering software can be set to look for the subject lines used by Sobig-F. Chances are this shouldn't impact most businesses.

Following are the subject lines used by Sobig-F:


Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

Block specific filenames: Sobig-F arrives using various filenames. These too could be blocked to prevent infection. Following are the specific filenames used by Sobig-F:


your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
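
The three gateway checks above (extension, subject line, filename) can be combined into one filter. The following is an added example, not code from the article or from any vendor; the function names `gateway_verdict` and `build_sample` and the sample messages are assumptions constructed for illustration. It goes slightly beyond the text by comparing case-insensitively and by ignoring trailing dots and spaces, which Windows drops from filenames.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines and filenames are the ones listed in the article, lower-cased.
SUBJECTS = {"your details", "thank you!", "re: thank you!", "re: details",
            "re: re: my details", "re: approved", "re: your application",
            "re: wicked screensaver", "re: that movie"}
FILENAMES = {"your_document.pif", "document_all.pif", "thank_you.pif",
             "your_details.pif", "details.pif", "document_9446.pif",
             "application.pif", "wicked_scr.scr", "movie0045.pif"}
BLOCKED_EXTENSIONS = (".pif", ".scr")


def gateway_verdict(raw_message: bytes) -> list:
    """Return the reasons to block a message; an empty list means deliver."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    # Collapse header folding whitespace before comparing subjects.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        reasons.append("subject: " + subject)
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Drop any path prefix, and the trailing dots/spaces that Windows
        # ignores, so "x.pif." is treated as "x.pif".
        name = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
        if name in FILENAMES:
            reasons.append("filename: " + name)
        if name.endswith(BLOCKED_EXTENSIONS):
            reasons.append("extension: " + name)
    return reasons


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message (hypothetical addresses, harmless payload)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("See the attached file for details.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(gateway_verdict(build_sample("Re: Details", "your_details.pif")))
    print(gateway_verdict(build_sample("Minutes", "Holiday.SCR.")))
    print(gateway_verdict(build_sample("Minutes", "minutes.pdf")))
```

The extension rule is the one that keeps working when a variant changes its subject lines or filenames; the two list-based rules only match the strings published for this variant.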

Educate your users about proper e-mail security. Often they are the best (or worst) line of defense against viruses. They need to know not to open an e-mail attachment unless sure of what it is -- even if it comes from someone they know. Sobig-F spoofs e-mail addresses so it can appear to come from someone legitimate.

Secure network file shares: Sobig-F can spread by copying itself to Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.
