
F-Secure Raises Sobig.B --Palyh-- Virus to Alert Level-1; Offers Free Tool to Clean Infected Computers; Map of Worldwide Virus Spread.


Business Editors/High-Tech Writers

SAN JOSE, Calif.--(BUSINESS WIRE)--May 19, 2003

For the second time this month, F-Secure(R) Inc. posted a Level-1 virus alert -- this time for a new virus known as Sobig.B (also known as Palyh or Mankx) which has spread already to more than 80 countries worldwide since its discovery on Sunday. F-Secure has posted to its website a free software tool to clean computers infected with the Sobig.B virus, as well as a worldwide map documenting the virus' spread.

The Sobig.B worm spreads via e-mail attachments and Windows network shares. The e-mails sent by the worm pretend to come from support@microsoft.com and they contain the message text "All information is in the attached file".

"It's important to remember that Microsoft's support department never sends out attachments," explains Mikko Hypponen, Manager of Anti-Virus Research at F-Secure.

The worm collects e-mail addresses from various files on the infected computer and sends the infected e-mails with variable subjects, content, filenames and file sizes.

"The attachments sent by the worm are PIF executables -- normal users really never send these types of files," continues Hypponen. "Corporate companies should simply filter all PIF attachments at gateway level. Home users can use their Delete buttons instead."

In addition to the e-mail spreading, Sobig.B will search for Windows machines within the infected Local Area Network and will try to copy itself to their Startup folder. This will fail unless users are sharing their Windows directories with write access -- a thing that should never be done.
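The gateway-level filtering of PIF attachments recommended above can be expressed as a small mail-inspection routine. This is an added example, not part of the F-Secure release or any F-Secure product; the function names, the sample filenames and the sample messages are constructed for illustration, and only the sender address, message text and PIF file type come from the release.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = (".pif",)            # file type the release says to filter
SPOOFED_SENDER = "support@microsoft.com"  # sender address named in the release
LURE_TEXT = "all information is in the attached file"


def inspect_message(raw: bytes) -> dict:
    """Return a verdict and the reasons for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        # Windows ignores trailing dots and spaces, so strip them before matching.
        if name.rstrip(". ").endswith(BLOCKED_EXTENSIONS):
            reasons.append(f"blocked attachment type: {name}")
    if SPOOFED_SENDER in str(msg.get("From", "")).lower():
        reasons.append("From header matches the address the worm forges")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and LURE_TEXT in body.get_content().lower():
        reasons.append("body contains the worm's message text")
    # The attachment type alone decides blocking; the other hits are context,
    # because subjects, content and filenames vary between infected e-mails.
    blocked = any(r.startswith("blocked attachment") for r in reasons)
    return {"action": "block" if blocked else "deliver", "reasons": reasons}


def build_sample(filename: str, sender: str, text: str) -> bytes:
    """Constructed test message carrying a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", "sample"
    m.set_content(text)
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    worm_like = build_sample("document.pif", SPOOFED_SENDER,
                             "All information is in the attached file.")
    print(inspect_message(worm_like))
    print(inspect_message(build_sample("report.txt", "alice@example.com", "Hi")))
```
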

After spreading, Sobig.B will try to download additional code from a web page located at Geocities.com and run it. "There's been speculation that the Sobig.A virus was used by spammers to create anonymous gateways for sending spam e-mail messages," says Hypponen. "Perhaps that was the intention with Sobig.B too." F-Secure has been in touch with various security response organizations and has received confirmation from Geocities that the pages used by the worm have been closed.

The Sobig.B worm won't spread for long. It has been programmed to stop spreading on the 31st of May, 2003 -- in roughly two weeks' time. It will still continue to send infected e-mails from machines that have their clock set wrong.

More information on the Sobig.B virus is available from the "Global Sobig.B Virus Information Center," available online at http://www.f-secure.com/sobig/.

The page includes technical descriptions, images and real-time statistics on the worm. F-Secure has developed a free software tool which will clean Sobig.B-infected machines. The tool is posted for free download at ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.zip. Instructions for use are available at ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.txt.

F-Secure's commercially available Anti-Virus products also can detect, stop and disinfect the Sobig.B worm. F-Secure Anti-Virus software can be purchased from http://www.f-secure.com.

About F-Secure

F-Secure Corporation (HEX:FSC) is the leading provider of centrally managed security solutions for the mobile enterprise. The company's award-winning products include antivirus, file encryption and network security solutions for major platforms from desktops to servers and from laptops to handhelds. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since November 1999. The company is headquartered in Helsinki, Finland, with the North American headquarters in San Jose, California, as well as offices in Germany, Sweden, Japan and the United Kingdom and regional offices in the USA. F-Secure is supported by a network of value added resellers and distributors in over 90 countries around the globe. Through licensing and distribution agreements, the company's security applications are available for the products of the leading handheld equipment manufacturers, such as Nokia and HP.

Note to Editors: A screen image of the Sobig.B e-mail, as well as a worldwide map showing the spread of the virus are available at http://www.f-secure.com/sobig/. For the latest commentary, the following persons are available worldwide:

Mikko Hypponen, Manager, Anti-Virus Research

F-Secure Corporation

Tel. +358 9 2520 5513

Email: Mikko.Hypponen@F-Secure.com

Mikael Albrecht, Product Manager

F-Secure Corporation

Tel. +358 9 2520 5640

Email: Mikael.Albrecht@F-Secure.com

Media contact in the USA:

F-Secure Inc.

Heather Deem,

675 N. First Street, 5th Floor

San Jose, CA 95112

Tel +1 408 350 2178

Fax +1 408 938 6701

Email Heather.Deem@F-Secure.com

Automatic Alert Notification:

If you only wish to automatically receive our press releases concerning viruses, please go to http://www.F-Secure.com/news/subscribe.html and first unsubscribe from press-english-interest@lists.F-Secure.com and then subscribe to press-english-virus-announcement@lists.F-Secure.com

(C) 2003 F-Secure, Inc. All Rights Reserved. F-Secure is a registered trademark of F-Secure Corporation. PersonalExpress and Security as a Service are trademarks of F-Secure Corporation. All other company and product names may be trademarks of their respective owners.
COPYRIGHT 2003 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Publication:Business Wire
Geographic Code:4EUFI
Date:May 19, 2003
Words:809