SANS ISC: SOBIG.F - SANS Internet Storm Center SANS ISC InfoSec Forums


SOBIG.F
A new variant of the SOBIG worm is spreading fast.

Best practice to do now:

- update anti-virus scanners on desktops,
servers and security perimeters

- communicate safe email handling instructions to all users
(do not open unsolicited attachments, no matter
how tempting the instructions or title are)

- block incoming UDP ports 995 - 999

- block outgoing UDP port 8998

- monitor for outgoing UDP port 123 traffic (used by NTP clients as well)
for signs of infection

This new variant is rather successful at spreading.
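
The port conditions in the list above can be checked against flow logs to find hosts worth a closer look. The following is an added example, not part of the original diary entry: the internal range, the approved NTP server and the flow-record format are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this sketch, not values from the advisory.
INTERNAL = ip_network("10.0.0.0/8")
APPROVED_NTP = {ip_address("10.0.0.5")}  # the site's own time server

# Constructed sample flow records: time,src,dst,proto,dst_port
SAMPLE_FLOWS = """\
t0001,10.1.1.20,10.0.0.5,udp,123
t0002,10.1.1.31,192.0.2.44,udp,123
t0003,10.1.1.31,198.51.100.7,udp,8998
t0004,203.0.113.9,10.1.1.31,udp,997
t0005,10.1.1.20,192.0.2.80,tcp,995
t0006,10.1.1.42,192.0.2.44,udp,123
"""

def classify(src, dst, proto, dport):
    """Return a finding label for one flow, or None if it is unremarkable."""
    if proto != "udp":
        return None
    outbound = src in INTERNAL and dst not in INTERNAL
    inbound = src not in INTERNAL and dst in INTERNAL
    if inbound and 995 <= dport <= 999:
        return "inbound-udp-995-999"
    if outbound and dport == 8998:
        return "outbound-udp-8998"
    # UDP 123 is also normal NTP, so only flag unapproved destinations.
    if outbound and dport == 123 and dst not in APPROVED_NTP:
        return "outbound-udp-123-unapproved"
    return None

def triage(flow_text):
    """Map each internal host to the set of findings seen for it."""
    findings = defaultdict(set)
    for _ts, src, dst, proto, dport in csv.reader(io.StringIO(flow_text)):
        src, dst = ip_address(src), ip_address(dst)
        label = classify(src, dst, proto.lower(), int(dport))
        if label:
            host = src if src in INTERNAL else dst
            findings[str(host)].add(label)
    return dict(findings)

if __name__ == "__main__":
    for host, labels in sorted(triage(SAMPLE_FLOWS).items()):
        print(host, sorted(labels))
```

A host that shows only the UDP 123 finding may simply be using an unsanctioned time source; the other two findings on the same host make infection more likely.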

Read more at:

http://www.sarc.com/avcenter/venc/data/w32.sobig.f@mm.html

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561

http://www.sophos.com/virusinfo/analyses/w32sobigf.html

http://www.europe.f-secure.com/v-descs/sobig_f.shtml

Handlers
