|
|
|
|
06-26-2003, 01:35 AM
|
#1 |
New worm tactic.
I see someone has sent me a .zip file which contains a .pif file
which undoubredly comtains something that is not going to do my PC any good were it executed. Checking on McAfee I find it is W32/Sobig.e@MM. "This variant is similar to W32/Sobig.d@MM. The worm propagates via email and over network shares. It contains its own SMTP engine for constructing outgoing messages. The virus is sent in a ZIP archive, allowing it to bypass extension blocking rules. However, this requires the end user to perform extra steps in order to actually execute the virus." But they wil, l and it also propagates via Network shares so beware ! **** is about to happen. -- Jim Watt http://www.gibnet.com Jim Watt |
|
|
|
06-26-2003, 06:22 AM
|
#2 |
|
Posts: n/a
|
Re: New worm tactic.
"Jim Watt" <> wrote in message
news:... > I see someone has sent me a .zip file which contains a .pif file > which undoubredly comtains something that is not going to do > my PC any good were it executed. > > Checking on McAfee I find it is > > W32/Sobig.e@MM. > > "This variant is similar to W32/Sobig.d@MM. The worm propagates via > email and over network shares. It contains its own SMTP engine for > constructing outgoing messages. > > The virus is sent in a ZIP archive, allowing it to bypass extension > blocking rules. However, this requires the end user to perform extra > steps in order to actually execute the virus." > > But they wil, l and it also propagates via Network shares so beware ! > > **** is about to happen. > > > -- > Jim Watt http://www.gibnet.com Fortunately there are mail filtering applications (e.g.. Elron Software Message Inspector and/or Anti-Virus) capable of examining and if necessary blocking such attachments. Even if the file's extension has been changed. -- Best regards, Don Kelloway Commodon Communications Visit http://www.commodon.com to learn about the "Threats to Your Security on the Internet". Don Kelloway |
|
|
|
06-26-2003, 07:57 AM
|
#3 |
|
Posts: n/a
|
Re: New worm tactic.
On Thu, 26 Jun 2003 05:22:17 GMT, "Don Kelloway"
<> wrote: >"Jim Watt" <> wrote in message >news:.. . >> I see someone has sent me a .zip file which contains a .pif file >> which undoubredly comtains something that is not going to do >> my PC any good were it executed. >> >> Checking on McAfee I find it is >> >> W32/Sobig.e@MM. >> >> "This variant is similar to W32/Sobig.d@MM. The worm propagates via >> email and over network shares. It contains its own SMTP engine for >> constructing outgoing messages. >> >> The virus is sent in a ZIP archive, allowing it to bypass extension >> blocking rules. However, this requires the end user to perform extra >> steps in order to actually execute the virus." >> >> But they wil, l and it also propagates via Network shares so beware ! >> >> **** is about to happen. >> >> >> -- >> Jim Watt http://www.gibnet.com > > >Fortunately there are mail filtering applications (e.g.. Elron Software >Message Inspector and/or Anti-Virus) capable of examining and if necessary >blocking such attachments. Even if the file's extension has been changed. Its not that the extension has been changed, its really a .zip file However, you are right, the best point of defense is at the mail server. -- Jim Watt http://www.gibnet.com Jim Watt |
|
|
 |
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| worm hit county jail! | Chesucat | A+ Certification | 0 | 10-13-2003 02:50 AM |
| Re: Question about worm removal... | Ghost | A+ Certification | 7 | 09-16-2003 11:12 AM |
| Re: Question about worm removal... | natural_4u | A+ Certification | 2 | 09-15-2003 10:36 AM |
| Re: Question about worm removal... | Kenny | A+ Certification | 0 | 09-12-2003 12:13 AM |
| How is blaster worm transmited | Wetware | A+ Certification | 1 | 08-14-2003 05:50 AM |
