Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Internet Security Industry News

Sobig virus still rampaging around the Web
Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

December 1st, 2003

The Sobig virus is still rampaging around the Web, two months after the virus was supposed to have terminated itself. E-mail security firm MessageLabs said Friday that Sobig was the third most active virus in November, with some 264,000 copies being detected by its e-mail virus-scanning servers.

Although this activity is well below the virus's peak, it is still surprising as Sobig--like several other members of the Sobig family--contained a built-in shutdown date that was supposed to prevent it propagating after Sept. 10. Sobig.F's continued proliferation is due to a combination of factors, including the successful efforts that prevented it wreaking even more havoc and the fact that many PCs are set to the wrong date, according to MessageLabs.

The first Sobig virus appeared in January and was followed by many variants. Sobig.F was first detected on Aug. 19. It propagated by e-mail and caused massive disruption to corporate networks, but its real purpose was to take over computers. Once infected by Sobig, a PC would periodically link to 20 Web servers that had been individually hacked by the virus author and try to download a file. Some experts believe this downloaded code could have precipitated a massive denial-of-service attack, but this was foiled because the compromised servers were taken offline in time.

MessageLabs said that this may have prevented some copies of Sobig.F from terminating themselves. "The plug was pulled on the target servers before the PCs that were infected by Sobig could download the final bit of code," said Paul Wood, principal information security analyst at MessageLabs.

"Once that file had been downloaded and the PC was at the final stage, they would have stopped propagating more copies of Sobig.F to avoid anyone spotting the fact that they'd already been compromised." Instead, Wood said, PCs infected with Sobig.F are still spreading the virus and aren't checking the date. Because of the built-in shutoff mechanism, a PC receiving a copy of Sobig today should not try to forward it on. But another factor behind Sobig's longevity could be that some PCs are set to the incorrect date. While networked PCs will typically take their date and time from a central server, home PCs are reliant on their internal clock and the small battery that powers it.

If the battery runs down and isn't replaced, a computer will not know the correct date or time. According to MessageLabs, many such PCs are out there, connected to the Web, being infected with Sobig by computers that were compromised back in August and haven't switched their virus activity off. It is these PCs that are pumping out more copies.

Story by Graeme Wearden
Source: C-Net News

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


Back to the top of the page.         

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca 2003    Terms of use    Privacy agreement    Legal disclaimer