From Blaster to Nachi to Sobig -- More Havoc Predicted
Virus strains have turned more virulent in recent days: first Blaster, then its socially engineered complement Nachi, which packed a second punch by disguising itself as a fix to the Blaster or LovSan bug. Now Sobig, which earlier this week wreaked havoc on the Internet and has overtaken the Klez virus as one of the worst in history, stands to deliver a second blast. Anti-virus researchers have discovered that the Sobig worm is set to strike again at 3pm EDT today.
Computers infected with the Sobig.F virus are set to download an unknown executable file from one of 20 computers scattered across the Internet. The worldwide anti-virus community has been searching for those computers in order to disconnect them from the Internet before the appointed hour strikes. So far, about half of them have been located and taken offline.
Security firm X-Force is recommending that systems administrators filter outbound UDP port 8998 for the following IP addresses:
Sobig.F uses a built-in SMTP engine to replicate itself by sending out infected emails containing copies of the virus. When a user opens the attached executable file (.pif or .scr), the virus runs arbitrary code on the target machine. According to CERT, this worm can potentially compromise confidential information, or set up and run other services, such as open mail relays.
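The following Python example is added here and does not come from X-Force, CERT or the original article. It scans firewall log entries for internal machines that attempted outbound traffic to UDP port 8998, the traffic the recommended filter blocks, so that those machines can be checked for Sobig.F. The log format (Linux netfilter LOG), the 10.0.0.0/8 internal range and every address and timestamp in the sample are constructed assumptions; the destinations are documentation-range placeholders.

```python
import ipaddress
import re
from collections import defaultdict

SOBIG_PORT = 8998  # outbound UDP port named in the X-Force recommendation

# Constructed sample lines in the Linux netfilter LOG format (not real traffic).
# Destinations are RFC 5737 documentation addresses used as placeholders,
# because the advisory's address list is not reproduced on this page.
SAMPLE_LOG = """\
Jan 01 14:59:58 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=192.0.2.10 LEN=48 TTL=127 PROTO=UDP SPT=1034 DPT=8998 LEN=28
Jan 01 14:59:59 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=198.51.100.7 LEN=48 TTL=127 PROTO=UDP SPT=1035 DPT=8998 LEN=28
Jan 01 15:00:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.7.80 DST=192.0.2.10 LEN=60 TTL=127 PROTO=TCP SPT=1040 DPT=8998 WINDOW=8192 SYN
Jan 01 15:00:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.9.5 DST=203.0.113.53 LEN=61 TTL=127 PROTO=UDP SPT=1050 DPT=53 LEN=41
Jan 01 15:00:03 fw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=10.1.4.23 LEN=48 TTL=50 PROTO=UDP SPT=8998 DPT=1034 LEN=28
Jan 01 15:00:04 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.12.200 DST=192.0.2.10 LEN=48 TTL=127 PROTO=UDP SPT=1029 DPT=8998 LEN=28
Jan 01 15:00:05 fw kernel: truncated entry SRC=10.1.4
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def parse_fields(line):
    """Return KEY=VALUE pairs from one log line (first occurrence wins, so the
    IP-level LEN is kept rather than the UDP LEN that follows)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields

def suspect_hosts(log_text, internal_net="10.0.0.0/8", port=SOBIG_PORT):
    """Map each internal source to the external destinations it tried on UDP/port."""
    net = ipaddress.ip_network(internal_net)
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_fields(line)
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            dport = int(f["DPT"])
        except (KeyError, ValueError):
            continue  # malformed or truncated entry
        if f.get("PROTO") == "UDP" and dport == port and src in net and dst not in net:
            hits[str(src)].add(str(dst))
    return {host: sorted(dsts) for host, dsts in hits.items()}

if __name__ == "__main__":
    for host, dsts in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(f"{host} -> UDP/{SOBIG_PORT} to {', '.join(dsts)}")
```

TCP traffic to port 8998, replies arriving from source port 8998 and unrelated UDP traffic are deliberately not counted, so only machines that initiated the outbound UDP connection are listed.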