Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   New worm tactic. (http://www.velocityreviews.com/forums/t296617-new-worm-tactic.html)

Jim Watt 06-26-2003 12:35 AM

New worm tactic.
 
I see someone has sent me a .zip file which contains a .pif file
which undoubredly comtains something that is not going to do
my PC any good were it executed.

Checking on McAfee I find it is

W32/Sobig.e@MM.

"This variant is similar to W32/Sobig.d@MM. The worm propagates via
email and over network shares. It contains its own SMTP engine for
constructing outgoing messages.

The virus is sent in a ZIP archive, allowing it to bypass extension
blocking rules. However, this requires the end user to perform extra
steps in order to actually execute the virus."

But they wil, l and it also propagates via Network shares so beware !

**** is about to happen.


--
Jim Watt http://www.gibnet.com

Don Kelloway 06-26-2003 05:22 AM

Re: New worm tactic.
 
"Jim Watt" <jimwatt@aol.no.way> wrote in message
news:2cfkfvomig1c1mgnifkh1eld2vj5dbo6j7@4ax.com...
> I see someone has sent me a .zip file which contains a .pif file
> which undoubredly comtains something that is not going to do
> my PC any good were it executed.
>
> Checking on McAfee I find it is
>
> W32/Sobig.e@MM.
>
> "This variant is similar to W32/Sobig.d@MM. The worm propagates via
> email and over network shares. It contains its own SMTP engine for
> constructing outgoing messages.
>
> The virus is sent in a ZIP archive, allowing it to bypass extension
> blocking rules. However, this requires the end user to perform extra
> steps in order to actually execute the virus."
>
> But they wil, l and it also propagates via Network shares so beware !
>
> **** is about to happen.
>
>
> --
> Jim Watt http://www.gibnet.com



Fortunately there are mail filtering applications (e.g.. Elron Software
Message Inspector and/or Anti-Virus) capable of examining and if necessary
blocking such attachments. Even if the file's extension has been changed.


--
Best regards,
Don Kelloway
Commodon Communications

Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".



Jim Watt 06-26-2003 06:57 AM

Re: New worm tactic.
 
On Thu, 26 Jun 2003 05:22:17 GMT, "Don Kelloway"
<dkelloway@commodon.com> wrote:

>"Jim Watt" <jimwatt@aol.no.way> wrote in message
>news:2cfkfvomig1c1mgnifkh1eld2vj5dbo6j7@4ax.com.. .
>> I see someone has sent me a .zip file which contains a .pif file
>> which undoubredly comtains something that is not going to do
>> my PC any good were it executed.
>>
>> Checking on McAfee I find it is
>>
>> W32/Sobig.e@MM.
>>
>> "This variant is similar to W32/Sobig.d@MM. The worm propagates via
>> email and over network shares. It contains its own SMTP engine for
>> constructing outgoing messages.
>>
>> The virus is sent in a ZIP archive, allowing it to bypass extension
>> blocking rules. However, this requires the end user to perform extra
>> steps in order to actually execute the virus."
>>
>> But they wil, l and it also propagates via Network shares so beware !
>>
>> **** is about to happen.
>>
>>
>> --
>> Jim Watt http://www.gibnet.com

>
>
>Fortunately there are mail filtering applications (e.g.. Elron Software
>Message Inspector and/or Anti-Virus) capable of examining and if necessary
>blocking such attachments. Even if the file's extension has been changed.


Its not that the extension has been changed, its really a .zip file

However, you are right, the best point of defense is at the mail
server.
--
Jim Watt http://www.gibnet.com


All times are GMT. The time now is 12:40 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.