Simple steps stem Sobig-F's progress

Companies can take a few simple steps to prevent being infected by the mass-mailing Sobig-F worm, which appeared this morning on the Internet. These steps would also protect an enterprise against a host of other mass mailer worms.

Technically, Sobig-F is very similar to its predecessors. In fact, it is very similar to other worms this year. These tips highlight ways to be Sobig-F free.

Update, update, update: Updating antivirus signature files is the best protection against Sobig-F. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Sobig-F.

Consider restricting Web-based e-mail. Accessing Web-based messages often circumvents a company's antivirus protections. Experts have blamed Web-based e-mail as the vector worms have used to slither into enterprise networks.

Block files with .pif and .scr extensions at the gateway: Sobig-F is an executable that travels as an attachment to e-mail messages. The worm is saved as either a .pif or .scr file extension. Generally, companies don't need to let such files in as they don't have business uses. For example, Program Information Files (PIFs) are a deep file utility in Windows. It can also travel as a screensaver file (.scr).

Block specific subject lines: Content filtering software can be set to look for the subject lines used by Sobig-F. Chances are this shouldn't impact most businesses. Following are the subject lines used by Sobig-F:

Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

Block specific filenames: Sobig-F arrives using various filenames. This too could be blocked to prevent infection. Following are the specific file names used by Sobig-F:

your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

Educate your users about proper e-mail security. Often they are the best (or worst) line of defense against viruses. They need to know not to open an e-mail attachment unless sure of what it is -- even if it comes from someone they know. Sobig-F spoofs e-mail addresses so it can appear to come from someone legitimate.

Secure network file shares: Sobig-F can spread by copying itself to Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.

FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Emergence of Sobig-F adds to malware mess"
SearchSecurity.com news exclusive: "Benevolent Nachi worm doing more harm than good"
SearchSecurity.com Ask the Experts

FEEDBACK: How do you prioritize your patching processes?
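
The three gateway checks described above (blocked extensions, subject lines and filenames) can be combined into one filter. The sketch below is an added example, not code from the article or from any product: it uses Python's standard email parser, the function names `check_message` and `build_sample` are hypothetical, and the sample messages are constructed placeholders.

```python
import os
from email import message_from_string

# Indicators copied from the article's lists, lowercased for comparison.
BLOCKED_EXTENSIONS = {".pif", ".scr"}
SOBIG_F_SUBJECTS = {
    "your details", "thank you!", "re: thank you!", "re: details",
    "re: re: my details", "re: approved", "re: your application",
    "re: wicked screensaver", "re: that movie",
}
SOBIG_F_FILENAMES = {
    "your_document.pif", "document_all.pif", "thank_you.pif",
    "your_details.pif", "details.pif", "document_9446.pif",
    "application.pif", "wicked_scr.scr", "movie0045.pif",
}

def check_message(raw):
    """Return the reasons to quarantine a raw message; an empty list means pass."""
    msg = message_from_string(raw)
    reasons = []
    # Collapse whitespace and case so trivial variations still match.
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    if subject in SOBIG_F_SUBJECTS:
        reasons.append("subject:" + subject)
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        # Drop any path, case, and the trailing dots/spaces Windows ignores.
        name = os.path.basename(filename.replace("\\", "/")).strip(" .").lower()
        if name in SOBIG_F_FILENAMES:
            reasons.append("filename:" + name)
        if os.path.splitext(name)[1] in BLOCKED_EXTENSIONS:
            reasons.append("extension:" + name)
    return reasons

def build_sample(subject, filename):
    """Constructed test message (not a captured sample) with one attachment."""
    return (
        f"Subject: {subject}\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nplaceholder text\n"
        "--b1\nContent-Type: application/octet-stream\n"
        f'Content-Disposition: attachment; filename="{filename}"\n\n'
        "placeholder\n--b1--\n"
    )

if __name__ == "__main__":
    for subj, fname in [("Re: Details", "Your_Details.PIF"), ("Q3 numbers", "report.pdf")]:
        print(subj, fname, "->", check_message(build_sample(subj, fname)) or "pass")
```

The subject and filename lists match only this variant; the extension check is the rule that also covers the other mass mailers the article mentions.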