
W32.sobig surge


  • #16
    Finally got a surge here, but handled them smoothly;

    1. set up NAV to delete virus attachments

    2. the virus laden mail has a common sentence in the body:

    "see the attached file for details."

    I have set my spam filter to delete mail with this in the body.

    Between the two legit, but infected, mail passes absent the infected attachment but the auto-mailed junk doesn't.

    Dr. Mordrid
    ----------------------------
    An elephant is a mouse built to government specifications.

    I carry a gun because I can't throw a rock 1,250 fps



    • #17
      That is exactly the system I'm using now.
      I'm actually filtering all of the infected messages into our Spam folder so I can keep track.
      Currently since 5:30pm yesterday to now (3:30pm) we've had 89 such infected messages - pretty impressive.
      It cost one penny to cross, or one hundred gold pieces if you had a billygoat.
      Trolls might not be quick thinkers but they don't forget in a hurry, either
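An added example, not part of the original posts: the two-layer handling described in posts #16 and #17, with the body phrase sending mail to quarantine and everything else delivered after risky attachments are stripped. The extension list stands in for the antivirus verdict and is an assumption, as are the names `triage` and `_sample` and the constructed test messages.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

WORM_PHRASE = "see the attached file for details."  # sentence quoted in post #16
# Assumption: extension list standing in for the AV verdict; not from the thread.
BLOCKED_EXT = (".pif", ".scr", ".exe", ".com", ".bat")

def triage(raw: bytes):
    """Return (verdict, names_of_removed_attachments, message)."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    # Normalise case and whitespace so line wrapping cannot hide the phrase.
    if WORM_PHRASE in " ".join(text.lower().split()):
        return "quarantine", [], msg          # post #17: file into the Spam folder
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or ""
        if name.lower().endswith(BLOCKED_EXT):
            msg.get_payload().remove(part)    # strip the attachment, keep the mail
            removed.append(name)
    return ("deliver-stripped" if removed else "deliver"), removed, msg

def _sample(body, attachment=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "Re: Details"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return bytes(m)

WORM_LIKE = _sample("See the attached file for details.\n", "details.pif")
LEGIT_INFECTED = _sample("Quarterly numbers are in the text below.\n", "report.scr")
CLEAN = _sample("Lunch at noon?\n")

if __name__ == "__main__":
    for label, raw in [("worm-like", WORM_LIKE), ("legit+attachment", LEGIT_INFECTED),
                       ("clean", CLEAN)]:
        verdict, removed, _ = triage(raw)
        print(label, verdict, removed)
```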



      • #18
        Originally posted by Paulr
        That is exactly the system I'm using now.
        I'm actually filtering all of the infected messages into our Spam folder so I can keep track.
        Currently since 5:30pm yesterday to now (3:30pm) we've had 89 such infected messages - pretty impressive.
        89, that's nothing. One poor user had 241 delivered in one working day, another 143.
        Chief Lemon Buyer no more Linux sucks but not as much
        Weather nut and sad git.

        My Weather Page



        • #19
          And now this

          From: http://www.dslreports.com/shownews/31663

          Worm carries hidden payload
          Hidden attack instructions buried in the code of the prodigious Sobig.F virus have security experts scared stiff. The worm, which has been flinging junk e-mail at inboxes at record speeds this week, apparently carries an encrypted hidden payload initially overlooked by many security analysts. As a result, Sobig.F infected machines have silently synchronized their clocks with the atomic clock (Colorado's master time keeping system), and are scheduled to unpack their wallop in unison across the globe, at 3pm EST today.


          t-minus 2 minutes and counting.......
          Last edited by SitFlyer; 22 August 2003, 11:58.



          • #20
            According to F-Secure the virus will try to connect to one of 20 IP addresses to load new destructive code today.

            A list of these addresses can be found here (German).

            Antivirus specialists warn that the Sobig.F worm may download new components from the Internet and could cause further damage.

            Heise recommends blocking these IP addresses and also blocking
            ports 991 - 999 for incoming and port 8998 for outgoing UDP
            traffic.

            Hati
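An added example, not part of the original post: once the ports named above are blocked, the firewall's drop log shows which internal hosts keep hitting them and should be checked for infection. The log lines are constructed in netfilter LOG style, the `10.0.0.0/8` LAN and the function names are assumptions, and the incoming range is read here as UDP.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumption: the protected LAN
OUT_PORT = 8998                       # outgoing UDP port named in the post
IN_PORTS = range(991, 1000)           # incoming ports 991-999 named in the post

# Constructed firewall log lines in netfilter LOG style (not real traffic).
SAMPLE_LOG = """\
Aug 22 20:58:01 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.14 DST=198.51.100.7 PROTO=UDP SPT=1047 DPT=8998
Aug 22 20:58:03 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.14 DST=198.51.100.9 PROTO=UDP SPT=1048 DPT=8998
Aug 22 20:58:04 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=198.51.100.7 PROTO=TCP SPT=3310 DPT=8998
Aug 22 20:58:09 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=10.0.0.22 PROTO=UDP SPT=4000 DPT=995
Aug 22 20:58:11 gw kernel: IN=eth1 OUT=eth1 SRC=10.0.0.8 DST=10.0.0.53 PROTO=UDP SPT=1900 DPT=53
Aug 22 20:58:12 gw kernel: truncated entry SRC=10.0.0.40 PROTO=UDP
"""

def classify(line):
    """Return (internal_host, reason) for a matching blocked packet, else None."""
    f = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    if f.get("PROTO") != "UDP":
        return None
    try:
        src, dst, dpt = ip_address(f["SRC"]), ip_address(f["DST"]), int(f["DPT"])
    except (KeyError, ValueError):
        return None                   # malformed or truncated entry
    if src in INTERNAL and dst not in INTERNAL and dpt == OUT_PORT:
        return str(src), "outbound-udp-8998"
    if dst in INTERNAL and src not in INTERNAL and dpt in IN_PORTS:
        return str(dst), "inbound-udp-991-999"
    return None

def hosts_to_check(log_text):
    """Count matching packets per internal host and reason."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            hits[hit[0]][hit[1]] += 1
    return {host: dict(reasons) for host, reasons in hits.items()}

if __name__ == "__main__":
    for host, reasons in hosts_to_check(SAMPLE_LOG).items():
        print(host, reasons)
```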



            • #21
              Good, hopefully it will format all the machines infected with the msblaster virus. Should take out over 120 machines on our network.
              Chief Lemon Buyer no more Linux sucks but not as much
              Weather nut and sad git.

              My Weather Page



              • #22
                Over a thousand this morning alone... This sux. The company hosting our servers is working on a fix... Makes me wonder if we need to move our stuff.

                Jeff
                -We stop learning when We die, and some
                people just don't know They're dead yet!

                Member of the COC!
                Minister of Confused Knightly Defence (MCKD)

                Food for thought...
                - Remember when naps were a bad thing?
                - Remember 3 is the magic number....



                • #23
                  Originally posted by Duty
                  Over a thousand this morning alone... This sux. The company hosting our servers is working on a fix... Makes me wonder if we need to move our stuff.

                  Jeff
                  Is that a thousand emails or a thousand infected machines??

                  If it's infected machines your company needs to look at a new head of IT and let him/her enforce the security on the network. Now some cigar smoking wally on the board.
                  Chief Lemon Buyer no more Linux sucks but not as much
                  Weather nut and sad git.

                  My Weather Page



                  • #24
                    26th August.
                    Still on about one hundred infected mails a day coming in - oh the end is nigh!
                    It cost one penny to cross, or one hundred gold pieces if you had a billygoat.
                    Trolls might not be quick thinkers but they don't forget in a hurry, either
