Skip to content
Tips for Tech

Tech Alert Briefing for 8/22/2003

From Blaster to Nachi to Sobig -- More Havoc Predicted

Virus strains have turned more virulant in recent days as Blaster, then its socially engineered compliment Nachi, packed a second punch as it disguised itself as a fix to the Blaster or LovSan bug.Now Sobig, which earlier this week wreaked havoc on the Internet and has overtaken the Klez virus as one of the worst in history, stands to pack a second blast of ammunition.Anti-virus researchers have discovered that the Sobig worm is set to strike again at 3pm EDT today.

Computers infected with the Sobig.F virus are set to download an unknown executable file from one of 20 computers scattered across the Internet.The world-wide anti-virus community has been on a search to track down those computers and disconnect them from the Internet before the appointed hour strikes.So far, about half of them have been located and taken off line.

Security firm X-Force is recommending that systems administrators filter outbound UDP port 8998 for the following IP addresses:

67.73.21.6
68.38.159.161
67.9.241.67
66.131.207.81
65.177.240.194
65.93.81.59
65.95.193.138
65.92.186.145
63.250.82.87
65.92.80.218
61.38.187.59
24.210.182.156
24.202.91.43
24.206.75.137
24.197.143.132
12.158.102.205
24.33.66.38
218.147.164.29
12.232.104.221
68.50.208.96

Sobig.F uses a built-in SMTP engine to replicate itself by sending out infected emails containing copies of the virus.When a user opens the attached (pif or scr) executable file, the virus runs arbitrary code on the target machine.According to CERT, this worm can potentially compromise confidential information, or set up and run other services, such as open mail relays.

Anti-virus maker Sophos has released a Sobig.F disinfection tool on their web site.



Critical Patch Issued for Internet Explorer

If you are using Internet Explorer to browse the Internet, versions 5.01, 5.5, 6.0,you need to know that Microsoft has issued a cumulative patch for two new vulnerabilities that are rated maximum severity.Get the patch from Microsoft by clicking here:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-032.asp

Previous Tech Alerts

First published on 08/21/2003

Briefing type: 

Banker Tools View All

A collection of useful resources for various areas of the bank which have been developed by members of the BankersOnline staff or have been created and contributed by users of the BankersOnline site.

Banker Tools

Penalties View All

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Briefings

Briefing Archives