Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > New worm tactic.

Reply
Thread Tools

New worm tactic.

 
 
Jim Watt
Guest
Posts: n/a
 
      06-26-2003
I see someone has sent me a .zip file which contains a .pif file
which undoubredly comtains something that is not going to do
my PC any good were it executed.

Checking on McAfee I find it is

W32/Sobig.e@MM.

"This variant is similar to W32/Sobig.d@MM. The worm propagates via
email and over network shares. It contains its own SMTP engine for
constructing outgoing messages.

The virus is sent in a ZIP archive, allowing it to bypass extension
blocking rules. However, this requires the end user to perform extra
steps in order to actually execute the virus."

But they wil, l and it also propagates via Network shares so beware !

**** is about to happen.


--
Jim Watt http://www.gibnet.com
 
Reply With Quote
 
 
 
 
Don Kelloway
Guest
Posts: n/a
 
      06-26-2003
"Jim Watt" <> wrote in message
news:...
> I see someone has sent me a .zip file which contains a .pif file
> which undoubredly comtains something that is not going to do
> my PC any good were it executed.
>
> Checking on McAfee I find it is
>
> W32/Sobig.e@MM.
>
> "This variant is similar to W32/Sobig.d@MM. The worm propagates via
> email and over network shares. It contains its own SMTP engine for
> constructing outgoing messages.
>
> The virus is sent in a ZIP archive, allowing it to bypass extension
> blocking rules. However, this requires the end user to perform extra
> steps in order to actually execute the virus."
>
> But they wil, l and it also propagates via Network shares so beware !
>
> **** is about to happen.
>
>
> --
> Jim Watt http://www.gibnet.com



Fortunately there are mail filtering applications (e.g.. Elron Software
Message Inspector and/or Anti-Virus) capable of examining and if necessary
blocking such attachments. Even if the file's extension has been changed.


--
Best regards,
Don Kelloway
Commodon Communications

Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".


 
Reply With Quote
 
 
 
 
Jim Watt
Guest
Posts: n/a
 
      06-26-2003
On Thu, 26 Jun 2003 05:22:17 GMT, "Don Kelloway"
<> wrote:

>"Jim Watt" <> wrote in message
>news:.. .
>> I see someone has sent me a .zip file which contains a .pif file
>> which undoubredly comtains something that is not going to do
>> my PC any good were it executed.
>>
>> Checking on McAfee I find it is
>>
>> W32/Sobig.e@MM.
>>
>> "This variant is similar to W32/Sobig.d@MM. The worm propagates via
>> email and over network shares. It contains its own SMTP engine for
>> constructing outgoing messages.
>>
>> The virus is sent in a ZIP archive, allowing it to bypass extension
>> blocking rules. However, this requires the end user to perform extra
>> steps in order to actually execute the virus."
>>
>> But they wil, l and it also propagates via Network shares so beware !
>>
>> **** is about to happen.
>>
>>
>> --
>> Jim Watt http://www.gibnet.com

>
>
>Fortunately there are mail filtering applications (e.g.. Elron Software
>Message Inspector and/or Anti-Virus) capable of examining and if necessary
>blocking such attachments. Even if the file's extension has been changed.


Its not that the extension has been changed, its really a .zip file

However, you are right, the best point of defense is at the mail
server.
--
Jim Watt http://www.gibnet.com
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Experts Warn of Kama Sutra Worm (yet another MS worm) Imhotep Computer Security 4 01-30-2006 01:53 PM
Worm\Spybot (P2P-Worm.Win32.SpyBot.a) Danny Computer Information 0 08-14-2005 01:09 PM
worm/spybot.17.t (worm spybot 17t) detected by AVG code_wrong Computer Security 0 05-15-2004 04:40 PM
Antigen found VIRUS= I-Worm.Sobig.f (Kaspersky,CA(InoculateIT)) worm ANTIGEN_ML-MAIL Ruby 0 09-09-2003 07:11 PM
New anti-blaster worm attempts to fix RPC/DCOM vuln - W32/Nachi.worm Lord Shaolin Computer Security 6 08-20-2003 10:39 PM



Advertisments
 



1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57