 |
 |
 |
|
Just when you had thought it could not get any worse - NOW we are being warned that computer users face a Second Attack from the Sobig F Worm.
If you are reading about this worm for the first time. Read my article for an update on what it is and how to get rid of it if YOUR PC has become infected:
http://www.updatexp.com/sobig-worm-f.html
To put the problem into some sort of context, AOL is commenting that is has stopped more than 23 million copies of the worm... And that is just ONE email service provider!
Also, Sobig-F has caught out a lot of people in China. About 20 million PC's have been infected by the virus according to figures collected by a leading Chinese security firm based in Beijing. And that is just ONE country!
So What's The Urgency?
Well not ONLY are we having to face deleting the enormous amount of email the Sobig F worm is generating...
(Before I setup some filters to block the Sobig-F worm emails. My web based email account was completely full EVERY 30 minutes and bouncing back new messages, so adding to the email chaos!)
The Sobig F Worm filling my inbox!
BUT, now we face the hidden danger of a second wave attack! And it is scheduled to occur this weekend!
So What Is Going To Happen?
If YOUR PC has been infected by the Sobig-F worm, the worm will attempt to download code from the Internet and then run it on YOUR computer.
This will occur on:
Friday 22nd August 2003
Sunday 24th August 2003
Between: 19:00-22:00 GMT.
---
This means the times for attack are:
United Kingdom 8:00pm - 11:00pm
USA:
Los Angeles 12 noon - 3:00pm
Boston 3:00pm - 6:00pm
Berlin 9:00pm - 12:00 midnight
Far East:
Sydney 5:00am - 8:00am (Saturday and Monday)
Hong Kong 3:00am - 6:00am (Saturday and Monday)
Tokyo 4:00am - 7:00am (Saturday and Monday)
Please note that because of time differences the attack will take place on Saturday and Monday for PC's in the Far East.
What Is This "Code" Going To Do?
The short answer is that NOBODY knows UNTIL the attack happens!
There is much speculation though, that what may happen is the Sobig-F worm will download some code that will allows Spammers to turn YOUR computer into a "relay" for their commercial SPAM.
In other words, YOUR computer will be used to flood the Internet with even MORE messages telling us how we can get: "a university degree", "generic Viagra" or visit "unsavoury" websites for our entertainment!
But because we do not know what is going to happen, it MAY be something far worse...
At the times listed above, the worm sends data from infected computers to a number of remote systems on UDP port 8998:
- 12.158.102.205
- 12.232.104.221
- 218.147.164.29
- 24.197.143.132
- 24.202.91.43
- 24.206.75.137
- 24.210.182.156
- 24.33.66.38
- 61.38.187.59
- 63.250.82.87
- 65.177.240.194
- 65.92.186.145
- 65.92.80.218
- 65.93.81.59
- 65.95.193.138
- 66.131.207.81
- 67.73.21.6
- 67.9.241.67
- 68.38.159.161
- 68.50.208.96
These IP addresses are in the process of trying to be shutdown!
What Do I Do Now?
If you have been infected then go to the website of your Antivirus software company and:
1) Follow their instructions on how to temporarily turn off System Restore (XP users only)..
2) Download the latest virus definitions being offered by your Antivirus company..
3) Follow their instructions on how to STOP the Trojan process..
4) Follow their instructions on how to scan your system and delete the Sobig worm..
---
Or you could try the sobig worm removal tool from Sophos.
If you DO NOT have an anti virus running on your PC the get one now!
Even the FREE Antivirus software from www.grisoft.com is good enough...
YOU need to know if YOU have been infected!
---
5) Make sure YOU have a FIREWALL installed on YOUR PC. A good one is available from www.zonealarm.com
My personal advice is DO NOT use the Firewall built into Windows XP as these commercial products from companies like Zone Labs are much more robust.
I also suggest you configure YOUR Firewall software to block outgoing connection attempts to UDP port 8998 - This is the PORT that the worm will try and download the code from
6) Update your PC with the latest security updates for your operating system NOW. Click Here
NB - If you run a company, have gone home but left any PC's on. Contact your IT staff immediately for advice and reassurance...
Final Comments:
We live in a world where many of us, and our companies, use the Internet and Email to communicate. Sadly there are MANY individuals (and groups) who think nothing of writing Viruses, Worms, Trojans AND them releasing them onto us all...
The events of the last two weeks have hit many home users and business alike, those who were unprepared for the MSBlast, Nachi (Welchi) and Sobig-F worms...
YET this did NOT have to be this way. Taking Security seriously, would have prevented these worms making victims of so many computers.
Think safety, think:
Antivirus Software
---
Computer Updates
---
Firewall
---
I hope this article helps YOU!
Regards
Marc Liron
marc@updatexp.com
Been Hit By The Blaster Worm?
---
Need MORE info on Windows XP?
Then YOU
need this Newsletter...
- Windows XP News
- Windows XP Tips & Scams
- Patch Update News
- Info on Internet Explorer and Outlook Express
- Windows Media Player Plugin Reviews...!
- And so much
more......
Get regular Windows XP news and tips -
make XP work the way YOU want it to work!
Windows XP Articles
- SPAM
- Messenger Service Spam - FIX
FREE Windows XP Tip for getting rid of this annoying Spam! Print it or Download the media file which talks you through it!
-
Problem
Installing Patches? "Cryptographic Service Error"
A Great article explaining the Cryptographic Service Error message in Windows XP!
-
Windows Media Player 9 - Review Article
Windows Media Player 9 has some GREAT improvements over previous versions - Find Out More...
The views on this website are my
own and not that of Microsoft.
I am not responsible for the content of any sites linked to.
ALL information is provided "As Is"
This page was last updated 22nd August 2003
Home Page | Privacy Policy | Windows XP Tips | About Me
This article is on the sobig worm attack (W32/Sobig-F)...
|
www.updatexp.com - Marc Liron - 2003 |