Companies can take a few simple steps to prevent being infected by the mass-mailing Sobig-F worm, which appeared this morning on the Internet. These steps would also protect an enterprise against a host of other mass mailer worms.
Technically, Sobig-F is very similar to its predecessors. In fact, it is very similar to other worms this year. These tips highlight ways to be Sobig-F free.
Update, update, update: Updating antivirus signature files is the best protection against Sobig-F. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Sobig-F.
Consider restricting Web-based e-mail. Accessing Web-based messages often circumvents a company's antivirus protections. Experts have blamed Web-based e-mail as the vector worms have used to slither into enterprise networks.
Block files with .pif and .scr extensions at the gateway: Sobig-F is an executable that travels as an attachment to e-mail messages. The worm is saved with either a .pif or .scr file extension. Generally, companies don't need to let such files in, as they don't have business uses. For example, Program Information Files (PIFs) are a deep file utility in Windows. The worm can also travel as a screensaver file (.scr).
Block specific subject lines: Content filtering software can be set to look for the subject lines used by Sobig-F. Chances are this shouldn't impact most businesses. Following are the subject lines used by Sobig-F:
Re: Thank you!
Re: Re: My details
Re: Your application
Re: Wicked screensaver
Re: That movie
Block specific filenames: Sobig-F arrives using various filenames. These, too, could be blocked to prevent infection. Following are the specific file names used by Sobig-F:
Educate your users about proper e-mail security. Often they are the best (or worst) line of defense against viruses. They need to know not to open an e-mail attachment unless sure of what it is -- even if it comes from someone they know. Sobig-F spoofs e-mail addresses so it can appear to come from someone legitimate.
Secure network file shares: Sobig-F can spread by copying itself to Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.