
Simple steps stem Sobig-F's progress

Administrators take note. Putting a halt to the progress of the Sobig-F worm is as simple as taking a few preventative measures outlined here.

Companies can take a few simple steps to prevent being infected by the mass-mailing Sobig-F worm, which appeared this morning on the Internet. These steps would also protect an enterprise against a host of other mass mailer worms.

Technically, Sobig-F is very similar to its predecessors. In fact, it is very similar to other worms this year. These tips highlight ways to be Sobig-F free.

Update, update, update: Updating antivirus signature files is the best protection against Sobig-F. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Sobig-F.

Consider restricting Web-based e-mail. Accessing Web-based messages often circumvents a company's antivirus protections. Experts have blamed Web-based e-mail as the vector worms have used to slither into enterprise networks.

Block files with .pif and .scr extensions at the gateway: Sobig-F is an executable that travels as an attachment to e-mail messages. The attachment carries either a .pif or .scr file extension. Generally, companies don't need to let such files in, as they don't have business uses. For example, Program Information Files (PIFs) are a deep file utility in Windows. The worm can also travel as a screensaver file (.scr).

Block specific subject lines: Content filtering software can be set to look for the subject lines used by Sobig-F. Chances are this shouldn't impact most businesses. Following are the subject lines used by Sobig-F:

Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

Block specific filenames: Sobig-F arrives using various filenames. This too could be blocked to prevent infection. Following are the specific file names used by Sobig-F:


Educate your users about proper e-mail security. Often they are the best (or worst) line of defense against viruses. They need to know not to open an e-mail attachment unless sure of what it is -- even if it comes from someone they know. Sobig-F spoofs e-mail addresses so it can appear to come from someone legitimate.

Secure network file shares: Sobig-F can spread by copying itself to Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.
