NEW worm spreading fast - W32/Sobig-F

Marc Liron

In case you are NOT already aware....

There is a new worm that has been spreading fast around
the Internet ALL day.

Called the Sobig Worm... This variant is a new strain and
has been labelled
W32/Sobig-F

It can allow files to be downloaded to your PC and
executed.

PLEASE do not open ANY attachment with an extension ending
in

.PIF or .SCR

There are even examples of this worm hiding inside .ZIP
files too.

For more information read:

http://www.updatexp.com/sobig-worm-f.html


Kind Regards

Marc Liron
www.updatexp.com
~~~~~~~~~~~~~~~~~~~~~~
The home of the talking XP
Newsletter!
~~~~~~~~~~~~~~~~~~~~~~
 
michelle

will normal AV protection prevent these worms getting through...or are they
able to bypass them?
Michelle
--
WHEN CSA GET IT WRONG...NACSA PUT IT RIGHT!!! www.nacsa.co.uk 0870 240 3343
Disclaimer: the content of this email is based upon information supplied and
is subject to errors and omissions.
 
Guest

I have my WinXP firewall on (it has proven to be adequate).
I have my Antivirus running (it looks like it is a good one too).
I have done all the WinXP updates (I am not stupid, nor lazy).

Don't worry, I am not going to ask whether my OS is 32 or 64 bits in a
couple of days:
- yes, I can read already given answers to questions!
- no, I am not lazy: I read first available answers and then post my problem!
Only those who drive a car without knowing what a car is, are in danger
(again).
 
Guest

See my post in this same thread.

michelle said:
will normal AV protection prevent these worms getting through...or are they
able to bypass them?
Michelle
--
WHEN CSA GET IT WRONG...NACSA PUT IT RIGHT!!! www.nacsa.co.uk 0870 240 3343
Disclaimer: the content of this email is based upon information supplied and
is subject to errors and omissions.
 
Steve Nielsen

michelle said:
will normal AV protection prevent these worms getting through...or are they
able to bypass them?

Depends on the worm. Previous variants of Sobig worm have been
intercepted and quarantined by Symantec A/V and I assume by Norton A/V
as well (since they use the same deffiles).

In the case of Blaster I believe a/v programs were unable to intercept
it initially but this should have changed by now.

Better safe than sorry - keep a/v up to date, use antispyware regularly,
and install a firewall.

Steve
 
Knack

Virus Alert


An internet virus, W32/Sobig.f@MM, is currently spreading through email
systems. This virus was released in the wild a few hours ago and we have
already seen a large number of infected emails at our mail gateway.
Currently, it is classified as a MEDIUM risk by McAfee.

The W32/Sobig.F virus attempts to propagate itself to email addresses found
on the local system. The worm propagates via email and contains its own SMTP
engine for constructing outgoing messages. The virus-infected email includes
a PIF attachment ("your_document.pif" and others). The sender of the virus
is normally spoofed, possibly arriving from someone you know.

The message containing the Sobig.F virus has the following characteristics.
If you receive a similar message, delete it immediately. Do NOT launch the
file attachment.

Subject:
Re: Thank you!
Re: Details
Re: Re: My Details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.pif
movie0045.pif

As common practice, you should verify all file attachments with the sender
before opening, keep your virus protection up-to-date, and scan your entire
computer on a regular basis.

The minimum versions of McAfee needed to detect and clean W32/Sobig.F are:
Engine: 4.2.60
Virus Definitions: 4287

To find out if you have these versions, right click on the VShield icon in
your system tray and select About. Depending on your configuration, you may
already have the latest versions installed. The latest virus protection
files can be downloaded from the following locations:

from McAfee:
http://a64.g.akamai.net/7/64/2015/2003-08-19-7-34-19-300/download.nai.com/products/licensed/superdat/english/intel/sdat4287.exe
Internet Explorer 5: Select Run this program from its current location and click OK.
Internet Explorer 6: Click Open.

The following links contain additional information about W32/Sobig.F:
http://vil.nai.com/vil/content/v_100561.htm

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
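
The message characteristics listed in the alert above can be checked mechanically at a mail gateway. The following is an added example, not part of the original thread or of any vendor's product: the subject list and the .pif/.scr extensions come from the posts above, while the function names, the constructed sample message builder and the choice to hold unreadable archives are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the alert above.
SOBIG_F_SUBJECTS = {
    "re: thank you!", "re: details", "re: re: my details", "re: approved",
    "re: your application", "re: wicked screensaver", "re: that movie",
}
BLOCKED_EXTENSIONS = (".pif", ".scr")


def risky_names(filename, payload):
    """Return blocked file names for one attachment, looking inside ZIPs."""
    name = (filename or "").lower()
    if name.endswith(BLOCKED_EXTENSIONS):
        return [filename]
    if name.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                return [f"{filename}!{member}" for member in archive.namelist()
                        if member.lower().endswith(BLOCKED_EXTENSIONS)]
        except zipfile.BadZipFile:  # assumption: hold archives we cannot read
            return [f"{filename} (unreadable archive)"]
    return []


def inspect_message(raw_bytes):
    """Parse a raw e-mail and report Sobig.F-style indicators."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    subject = " ".join((msg["Subject"] or "").split()).lower()
    hits = []
    for part in msg.iter_attachments():
        hits += risky_names(part.get_filename(), part.get_payload(decode=True) or b"")
    return {"subject_match": subject in SOBIG_F_SUBJECTS,
            "blocked_attachments": hits,
            "quarantine": bool(hits)}


def build_sample(subject, filename, data):
    """Constructed test message; the attachment bytes are harmless text."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("Please see the attached file for details.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()
```

The quarantine decision keys on the attachment extension rather than the subject, since the subject lines are ordinary replies that legitimate mail can also carry.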
 
