|
A new variant of the SOBIG worm is spreading fast.
Best practice to do now: - update anti-virus scanners, both on desktops, servers and security perimeters - communicate safe email handling instructions to all users (do not open unsolicited attachments, no matter how tempting the instructions or title are) - block incoming UDP ports 995 - 999 - block outgoing UDP ports 8998 - monitor for outgoing UDP port 123 traffic (used by NTP clients as well) for signs of infection This new variant is rather successful at spreading. Read more at: http://www.sarc.com/avcenter/venc/data/w32.sobig.f@mm.html http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561 http://www.sophos.com/virusinfo/analyses/w32sobigf.html http://www.europe.f-secure.com/v-descs/sobig_f.shtml |
Handlers 76 Posts Aug 19th 2003 |
| Thread locked Subscribe |
Aug 19th 2003 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
