
SANS ISC: Power Outage Impact - Nachia Worm - Sobig F SANS ISC InfoSec Forums


Power Outage

Renesys published a very interesting paper detailing the impact of the power outage on connectivity in the North East.

http://www.renesys.com/news/index.html

Nachia Worm

The Nachia worm is still spreading fast. While this worm is frequently referred to as a 'good worm', it should be noted that its impact is worse than that of 'Blaster'. While it cleans up Blaster-infected machines, it causes network disruption due to its aggressive pinging. Also, note that the worm will install a back door and will scan for machines that are vulnerable to the WebDAV IIS exploit. In that respect, this worm may remove Blaster just to protect itself, as many 'auto rooters' do.

Sobig F

Despite the best efforts of system admins worldwide, users are still clicking on e-mail attachments. We strongly recommend attachment stripping on mail gateways. Please note that the 'From' address is spoofed. Do not send auto replies to senders, as this will just worsen the email flood caused by Sobig F. Like other Sobig variants, this one includes the ability to update the worm remotely, backdoors and a full set of other evilness.
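As an added example (not part of the original diary), here is one way a gateway filter could strip attachments while staying silent towards the spoofed sender. The extension blocklist, the `X-Attachments-Stripped` header name and the sample message are assumptions made for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: this blocklist is chosen for the example; the page names no extensions.
BLOCKED_EXT = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs")

def strip_attachments(raw: bytes):
    """Parse a raw message and drop blocked attachments.

    Returns (cleaned EmailMessage, list of removed filenames). Nothing is
    sent back to the From address: it is spoofed, so a bounce or auto-reply
    would only reach an uninvolved party.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []

    def clean(part):
        if not part.is_multipart():
            return
        kept = []
        for child in part.get_payload():
            # Normalise so "x.PIF", "x.pif " and "x.txt.pif." all match.
            name = (child.get_filename() or "").lower().rstrip(". ")
            if name.endswith(BLOCKED_EXT):
                removed.append(child.get_filename())
                continue
            clean(child)          # recurse into nested multipart containers
            kept.append(child)
        part.set_payload(kept)

    clean(msg)
    if removed:
        # Hypothetical header: marks the message so the recipient knows it was altered.
        msg["X-Attachments-Stripped"] = str(len(removed))
    return msg, removed

def build_sample() -> bytes:
    """Constructed sample: a text body, one .pif and one .txt attachment."""
    m = EmailMessage()
    m["From"] = "spoofed-sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("Please see the attached file.")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="details.pif")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()
```

A single-part message whose only content is a blocked file has no container to remove it from and passes through unchanged here; a gateway would reject or quarantine that case.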

Handlers
