W32.Sobig.E@mm Worm Spreading Rapidly
mabu writes "Apparently there is another worm spreading online. Symantec has upgraded its severity to 'category 3.' This worm appears to primarily affect Microsoft systems, has an expiration date of July 14th, and searches users' machines for select files containing e-mail addresses that it uses to propagate itself."
Re:email will soon be rendered useless ? (Score:3, Informative)
Are you trying to say that not all filters would be capable of doing that?
Re:What Operating System? (Score:3, Informative)
Using Internet Traffic Data to Predict Worms? (Score:5, Informative)
I have been trying to do my own retrospective prediction :) based on the data available at Internet Traffic Report [internettr...report.com]
As far as I can make out, all the US routers [internettr...report.com] are doing fine (green). The response time seems to have gone up a tad at 2am MST, but other than that I don't see anything unusual.
When I look at Asia [internettr...report.com], 5 out of the 21 routers are down (red) and the packet loss is up 2%. Does that mean that the worm has hit Asia hard? I know this worm should clog up mainly mail servers, but I wonder how feasible it is to predict worm arrival/origin/etc. based on this easily available information, assuming of course that it's available in real time.
Re:Why Never Apple? (Score:1, Informative)
Also, by joining the *NIX family, OSX became part of a community that is more aware about patching systems against viri -- i.e., viri are less successful in the *NIX world because they have more knowledgeable users working against them.
You're lucky that other Windows features aren't as easy as spreading an email virus is -- were that so Windows would be MUCH easier to use than OSX.
Postfix MTA Check For Sobig.E (Score:5, Informative)
Requires Postfix be built with PCRE support and is for Postfix 2.x versions. For Postfix 1.x versions you'll have to put that in body_checks.
Disclaimer: Use at your own risk. I *believe* this'll work, but, strangely enough, I haven't received any to be rejected yet!
Re:It doesn't matter what OS you run... (Score:3, Informative)
To quote the parent:
Actually, Gartner (love them or hate them) issued a report that companies should switch to anything other than Windows/IIS sometime last year after one of the IIS worms. MS may ignore a lot of things (like common sense), but it doesn't ignore lost revenue.
The thing that scares me is that these could easily be written by MS, for MS, so that when grandma calls them up because her ISP has blocked her machine, they can say, "that's a known (ahem)issue(ahem), you need to upgrade to Windows 2003SP1 (Don't forget that EULA!), which is on sale this month for only $xxx. Oh, that means you'll also have to buy a new computer, or you can switch to MSN WebMail (or whatever the thing is called), and the first two months are free."
Re:Why Never Apple? (Score:1, Informative)
Re:yeah, I'm running Windows (Score:3, Informative)
More Traffic data in on (Score:3, Informative)
During all these events, a large Response time and Increased Packet loss are observed, as expected.
Observe that the Average Response time hit a peak simultaneously across all continents between 11:30am and 2:30am MST as noted earlier, which coincides with reports of the W32.Sobig.E@mm worm. It has since deteriorated, possibly indicating either that the Worm has some throttling mechanism, which some worms use to prevent congestion from affecting their own propagation rate.
Either that, or we haven't seen the peak yet.
Re:A (very) nice virus again (Score:5, Informative)
have already seen a lot of it (Score:2, Informative)
We only have 16 or so users that are in the office and maybe another 4 or 5 that use our resources, but are pretty much never here.
Even with those, I have seen a fairly large increase in the number of our clients with the virus and then our virus scanning software reporting it getting sent to us.
Fortunately so far we seem to be clean of it, but I have added some filter EventSinks on our Exchange server to block out a wider range of attachment types.
This particular one is annoying since it has 4 types of attachments that we can't universally block and get away with (.txt,
I have fingers crossed that our anti-virus software on the Exchange server will keep up with it.
Re:Somebody angry at France? (Score:2, Informative)
Re:Somebody angry at France? (Score:2, Informative)
Re:have already seen a lot of it (Score:3, Informative)
Enjoy,
Virus Alert Notification (Score:3, Informative)
I would like to thank messagelabs [messagelabs.com], as they are always the first to notify about major virus outbreaks. Sophos [sophos.com] is a close second and is good about notifying about everyday viruses. McAfee [nai.com]'s alerts are good, but usually a little late; they only notify once it hits the news media. Symantec wants you to pay an outrageous price for their virus alerts, and I doubt they give you any earlier warning than messagelabs or sophos, which provide the service for FREE. Symantec is becoming the Microsoft of Virus vendors; they're trying to spread out everywhere now in the security field, buying up companies left and right. Their quality of product is going down because they don't use a google.com-like motto "do one thing and do it well", which they used to do. But their automated virus removal tools are still pretty good. IMHO
If you would like to sign up to messagelabs's great early warning notification service go here [messagelabs.com].
If you want Sophos's excellent everyday notification about all viruses go here [sophos.com].
If you would like to get McAfee's avertlabs notifications, go here [nai.com].
Or you can just check out my virus posts on the security-forum.com [security-forums.com], but I only post the major outbreaks because there are TOO MANY viruses out there to post every single one.