
Sobig virus wreaks e-mail havoc

Either I'm extremely lucky but with windows firewall and norton antivirus I have so far been without impediment, but I do not download from unknown emails as I report as spam any unknown email address. Nina.
 
Sobig virus 'thwarted'

Security experts say they have contained the Sobig worm by identifying and blocking computers that are key to co-ordinating it.
Computer specialists cut off the worm's circulation by repairing 20 servers it was using to blast infected emails into users' inboxes around the world.

However, in China the virus was reported to be spreading very quickly, with one internet security firm in Beijing suggesting that 30% of computers may have already been infected.

Initial fears over an instruction in the worm's code to point infected machines to a server controlled by the virus writer between 1900 and 2200 GMT (2000-2300 BST) on Friday were unfounded.

Another instruction will repeat the request on Sunday at the same time and experts have again expressed concerns that a malicious program could be downloaded, but fears have largely subsided.

"There's a potential risk for Sunday, but I think it's really mitigated," said Chris Rouland, vice president for research and development at US-based Internet Security Systems.

"All the network operators are aware they need to block these [servers the worm is expected to point to] now."

Some analysts fear the worm will instruct computers to download a file that could launch another virus or spam attack, collect sensitive information, or delete files stored on an infected computer or network.

Friday's instruction resulted in infected machines being re-directed to pornographic websites.

Chaos

The worm generated so much email that many inboxes are now completely full and are bouncing back new messages, which is only adding to the problems Sobig is causing.

Net giant AOL said it had stopped more than 23 million copies of the virus and email filtering firm MessageLabs said it had caught more than 3.5 million.

The worm has appeared in numerous forms with the Sobig F virus being the sixth variant of the malicious program which first appeared in January.

Security experts say the virus was probably written to order for spammers who want to find a way to spread their unwanted commercial e-mails without fear of being traced.

Hardest hit

Chinese web security firm, Beijing Rising Technology, said on Friday the Sobig F Worm had infected 30% of all e-mail users in the country.

This equates to some 20 million users in a country second only in its number of surfers to the United States.

The BBC's correspondent in Beijing, Francis Marcus, says there is scepticism over this figure, but added analysts agreed China's 68m Internet users had been "highly vulnerable" to attack.

Key reasons for this are firstly that only 60-70% had installed anti-virus software, according to Beijing Rising Technology.

Secondly, rampant piracy of software in the country and elsewhere means packages are not updated as often as they are intended to be because they are not commercially registered, our correspondent said.

"We've never seen anything like it," said Hao Ting, a spokeswoman for Beijing Rising Technology.

"People, who may not be totally aware of the danger, simply open their e-mail and don't discover it's a virus until it's too late."

China's National Computer Virus Emergency Centre describes the virus as "very serious."

Billy Boy
 
Something's happening again as my firewall is alerting me to attacks tonight. Not quite as bad as the other week when the Blaster worm was trying to get in, but I've definitely had more in the past half an hour than I normally get in a week.

Eddie, I believe that address book ruse using the aaaa at the top of your email addresses was a hoax. See:
http://hoaxinfo.com/virusprevent.htm
 
I use Sygate Personal Firewall, I've had 60 incomings blocked in the last 5 minutes.
I've just checked my email and had an email from Euro Birdnet containing a virus, fortunately AVG had removed the attached file.

Mark
 
I use Norton Internet Security virus scanner and firewall package.

I've had about 20 in the past hour. I normally don't get that in a week.
 
The text of one of the alerts is:

Intrusion attempt detected from address 24.61.203.113 by rule "Default Block Backdoor/SubSeven Trojan horse".
Blocked further access for 30 minutes.

The IP address is different each time, but some are very similar.
 
ICMP (Internet Control Message Protocol) ping is basically one computer getting bored and saying "Is there anybody out there!" It can be used though to flood a system with useless requests.
 
It sounds like these are network testing pings from your ISP. Probably harmless, but I'm not sure if there are any that are suspect.

I don't get these, or at least I don't get warned about them. I would see if there are any settings you can alter in your firewall to reduce the number of warnings to only the bad ones.

I use Sygate at work so I will have a look when I get back tomorrow, although I don't remember seeing any of these in the last couple of weeks since I installed it.
 
My sister Dolly tells me it is Ebay, which is riddled with worms, so if you have ever bought, sold, or mailed people from there you are doomed!!!!!!!!!
 
walwyn said:
digi-birder - have you ever been infected by SubSeven?

Never been infected - with anything. Other than the common cold, that is!

I keep virus checker up to date and follow all the rules to avoid these bugs.
 
Then you have nothing to worry about. Some hackers do a random scan of IP addresses looking for infected machines. There is no actual targeting involved just random sweeps.

Here is a demo of what SubSeven can do:
http://lockdowncorp.com/trojandemo.html

Be aware, though, that they are trying to sell you something.

Here is a demo of what your computer says about you whenever you surf:
http://www.all-nettools.com/privacy/anon.htm

Click the test 1 link at least.
 
Some basic rules which make you just about 100% virus-safe:

1: Don't ever use Microsoft Outlook or Outlook Express. Roughly 70% of all virus attacks are directly associated with Outlook.

2: Don't open attachments. If you absolutely, positively must open one, scan it first and (if at all possible) do it on a machine that doesn't matter. (We keep an old, slow Windows 98 machine here at the office especially for this task: if it gets infected, who cares? Wipe it clean and no harm done.)

3: Remove dangerous and useless software. Yes, that's right, UNINSTALL it. There are three primary items which should be on your virus safety removal list: Outlook Express, the Windows Address Book, and the Windows Scripting Host. In Windows 98, you can remove all three in about 20 seconds by going to "add/remove programs" in the Windows control panel. This action alone will reduce your virus risk by approximately 80%. Getting rid of Outlook from Windows 2000 and Windows XP is, alas, a lot more difficult, but still possible. Microsoft have a page somewhere which tells you how to do it.

4: If you are on broadband, use a hardware firewall. A REAL firewall - not one of these toy ones that run under Windows. Think of it this way: you are having a party and you don't want uninvited guests, so you hire a security guard to check that everyone has an invitation. Where do you put your security guard? In the kitchen? Or do you lock all the windows and have the guard standing OUTSIDE the front door checking on the guests BEFORE they come inside? A software firewall is like a security guard that sits in your kitchen drinking tea all night. Anyone can get in and, if they are smart, they will never get caught. A real (i.e., hardware) firewall is either (a) a dedicated unit which looks a bit like an oversized modem and costs about $AU200, or (b) a second computer running a secure operating system (usually Linux or FreeBSD). Any old computer will do, yes, even that old 16MB 486-100 you have out in the shed - and the software is free. All you need is two network cards. (These are a good idea even if you are not on broadband.)

5: Use a good anti-virus product. Norton's if you must (Norton's is competent but bloated, expensive and clumsy (like all current-generation Symantec products, or at least all the ones I have ever seen)), PC-cillin, VET, AVG or any of several others if you prefer. I like PC-cillin myself, but everyone has their favourite. Please yourself about this. Don't run two - it's a really good way to cause a disaster. Anti-virus products, by their very nature, are required to break the rules of normal programming (in exactly the same way as a policeman is sometimes required to sneak around at night spying on people or drive faster than the speed limit). There is only a small risk of system instability from one "illegal" program (i.e., your anti-virus scanner). Two at the same time, however, is asking for trouble.

Notice that I listed having an anti-virus scanner LAST out of five. That is no accident. Statistically, you are far, far safer running a non-Outlook email client on a system without the Windows Scripting Host or the Windows Address Book and no anti-virus software at all than you are running Outlook on a system that has the latest anti-virus program installed.

PS: I make my living doing this stuff, have done for many years. A good, simple rule to follow in computing, which will seldom see you wrong, is to ask any self-appointed "expert" which email client they recommend. If they say "Outlook", walk away and hire someone else - hopefully, someone who has more practical experience and common sense, and who knows something about security.
 
M N Reeder said:
I use Sygate Personal Firewall, I've had 60 incomings blocked in the last 5 minutes.
I've just checked my email and had an email from Euro Birdnet containing a virus, fortunately AVG had removed the attached file.

Mark

Hi Mark

I am in Sheffield too and am having several probes of my firewall every minute at present but nothing is getting through

Doug
 
Tannin, I follow most of your advice--don't use Outlook, for example. No probs so far EXCEPT since I installed Norton Internet Security I've been having a lot of problems switching off my pc. It could be a coincidence but it used to shut down easily. Now I have to do 'ctrl' + 'alt' + 'delete' umpteen times and get lots of 'programme not responding' messages (though it does usually shut down in the end). Do you know if this is typical of NAV? (I use Windows 98 SE.)
Ken
 