New Mass-Mailing Virus - Sober.C; Limit Exposure During Breaks; Upcoming Repeat Virus Outbreaks
New Mass-Mailing Virus - Sober.C
A new variant of the mass-mailing virus, Sober, started spreading on the Internet over the weekend. Because it sends email in German and English based on the domain name of the infected computer, it uses a somewhat smarter social engineering tactic of the kind we may see more of in the future. The links below are references to the virus from the major antivirus vendors. More details can be gathered from these reports.
References:
http://www.sarc.com/avcenter/venc/data/w32.sober.c@mm.html
http://www3.ca.com/virusinfo/virus.aspx?ID=37823
http://www.datafellows.com/v-descs/sober_c.shtml
http://www.kaspersky.com/news.html?id=2861377
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100912
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=42896&sind=0
http://www.sophos.com/virusinfo/analyses/w32soberc.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBER.C
______________________________________________________________________________
Limiting Exposure During Holiday Breaks
As a last-minute recommendation, please consider turning off non-critical computers during the holiday break. This limits the amount of exposure you may have while network and security personnel are away from the office.
Those in academia are especially prone to intrusions during this time of year due to their traditionally open environments. But corporate environments should also consider this a prime time for internal threats.
When you return from the holidays, consider working on an appropriate policy concerning office computers (and other non-critical systems) during extended breaks.
______________________________________________________________________________
Upcoming Repeat Virus Outbreaks
In the next week, many families will add a new computer to their households. These computers may be fairly up to date with patches from OEMs, or may be horribly outdated. In the next few weeks, expect more virus activity originating from broadband connections. In January, much of this virus activity will move into SOHO and corporate environments via mobile users. Academic environments will be close behind as students return to campus with their new computers. So expect Welchia (Nachi), Blaster, Sobig, Mimail, and many of the other viruses from 2003 to return to the limelight in the next few weeks.
Computing staff in the academic world should spend the first few days after the holiday finding an appropriate plan to allow these computers access to the network securely. If you have a method of deploying patches to your users without violating the EULA of the common products on your campus, then start preparing for the moment when the ResNet users return to school.
In the Microsoft Windows world, it is recommended that, in addition to the major service patch release for the operating system available from
http://www.microsoft.com/technet/security/bulletin/tpsrvpck.asp
you push for the following patches to be installed before a computer is allowed on the campus network.
http://www.microsoft.com/technet/security/Bulletin/MS03-039.asp
http://www.microsoft.com/technet/security/Bulletin/MS03-049.asp
This would also be a good opportunity for user education concerning strong passwords, anti-virus software, and automated patching.
--- Scott Fendley