Scoop has an Ethical Paywall
Licence needed for work use Learn More

Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

W32.Sobig.F@mm - updated statistics

Symantec Security Response - W32.Sobig.F@mm - updated statistics

Here's the latest updates on W32.Sobig.F@mm from the Symantec Security Response experts: Symantec Security Response has received a total of 6,031 submissions, of which, 654 are corporate submissions and 5,377 are consumer infections.

The worm deactivates on September 10, 2003.

The last day the worm will spread is September 9, 2003. However, the deactivation date applies only to the mass-mailing, network propagation, and e-mail address collection routines.

This means that a W32.Sobig.F@mm infected computer, will still attempt to download updates from the respective list of master servers during the associated trigger period (19:00 to 22:00 UTC), even after the infection deactivation date. Previous variants of Sobig exhibited similar behaviour.

Outbound udp traffic was observed on August 22 coming from systems infected with both Sobig.E and Sobig.F. However the target IP addresses were either not responding, taken offline or contained not executable content i.e. a link to a adult site.

W32.Sobig.F@mm uses a technique known as "email spoofing," by which the worm randomly selects an address it finds on an infected computer. For more information on e-mail spoofing, see the "Technical Details" outlined in the write up located at http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

Advertisement - scroll to continue reading

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.