Sobig.F

Discussion in 'Windows Desktop Systems' started by Smoke286, Aug 20, 2003.

  1. Smoke286

    Smoke286 Smokeater

    Messages:
    314
    Location:
    Canada
    What is happening? This must be the worst week ever for viruses. Is there a fix out for this one yet, or a belated patch from Microsoft?
     
  2. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    This was an email I received today about this worm

     
  3. Tiesto

    Tiesto OSNN Addict

    Messages:
    112
    Run AV and Ad-Aware, done.
     
  4. Smoke286

    Smoke286 Smokeater

    Messages:
    314
    Location:
    Canada
    This is what bothers me: I have all the recommended software, a good firewall, top-notch AV protection, all up to date, and MS automatic updates enabled, yet I still got the last one. What's next?
     
  5. Enyo

    Enyo Moderator

    Messages:
    1,338
    Sobig does not use the DCOM exploit, nor is it a Blaster variant. There is no patch as there is no security hole. This is just a mass-mailer that we should all be used to by now ;)

    Keep your AV up to date and you should be fine against the mass of Blaster variants doing the rounds.

    Your AV protection may not be so top-notch as it slipped in. What are you using?

    Technical Details:

    http://sarc.com/avcenter/venc/data/w32.sobig.f@mm.html

    Something interesting to note:

    "The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003."

    Does Ad-Aware detect this? It's just yet another mass mailer. Again, why are the AAW team taking on worms? They are not an AV vendor.

    Edit: I went and checked. The added detection for Blaster was a one-off due to the nature of the threat. AAW does not detect SoBig or any other worm; it should not be used to verify a clean system.
     
  6. Smoke286

    Smoke286 Smokeater

    Messages:
    314
    Location:
    Canada
    Norton 2003 Pro
     
  7. Terrahertz

    Terrahertz Extinction Agenda Political User Folding Team

    Messages:
    972
    Location:
    New York
    Yeah, we got it here on a few machines at work. [People just like to open anything :confused:] But Symantec Enterprise's new updates found it and we're now running the removal tools.
     
  8. Enyo

    Enyo Moderator

    Messages:
    1,338
    And it missed it? :eek:
     
  9. Tiesto

    Tiesto OSNN Addict

    Messages:
    112
    Ad Aware is doing the job that AV should be doing.
     
  10. Enyo

    Enyo Moderator

    Messages:
    1,338
    Hardly. It detects one worm, has no sense of heuristics, has no runtime unpacker, and can't prevent infection, only detect and remove it.

    An AV does the job of an AV. AAW detects adware and spyware and one worm; let's not mistake it for something it's not.
     
  11. Tiesto

    Tiesto OSNN Addict

    Messages:
    112
    Ad Aware goes above and beyond what it's supposed to be used for by detecting and cleaning the virus. I think AV companies need to be more efficient with their products is all.
     
  12. Enyo

    Enyo Moderator

    Messages:
    1,338
    Above and beyond? It detects one worm and a couple of its variants! And it did not offer that until it was ITW.

    Mainstream AVs had detections out way in advance of AAW, in most cases the same day or before it was highly distributed ITW.

    My AV detects 72765 and has heuristics capability on top of that, pretty efficient IMO.

    Anyway, my point was AAW is not intended to be used to remove viruses; its engine, though capable of doing so, was not built for it. Also, it does not detect Sobig.
     
  13. Smoke286

    Smoke286 Smokeater

    Messages:
    314
    Location:
    Canada
    That's right, it missed it. It did, however, detect it AFTER I installed the Microsoft patch, which was not installed on my machine even though I had automatic updates activated.