[Exim] OT but could be useful to some mailadmins ...

Author: Tony Earnshaw
Date:  
To: postfix-users, exim-users
Subject: [Exim] OT but could be useful to some mailadmins ...
... considering the general furore w.r.t. SobigF.

I'm sure Sophos (forgive me for any perceived partiality) would forgive
me for the following extract from the generally available Sophos Alert
System e-mail notification.

I know that many of you will know this already (it's even been published
on Norwegian sites, so it /has to be/ current) but nevertheless:
____________________________________________________________________

Sophos researchers have published information on a second
wave attack which the Sobig-F worm may attempt to make
in the coming hours.

On infected PCs, Sobig-F will attempt to download code from
the internet and then run it on the computer. This occurs
on Fridays and Sundays at 19:00-22:00 GMT. This equates
to the following times in different parts of the world:

 Los Angeles   12 noon  -  3:00pm
      Boston    3:00pm  -  6:00pm
      London    8:00pm  - 11:00pm
      Berlin    9:00pm  - 12:00 midnight
   Hong Kong    3:00am  -  6:00am (Saturday and Monday)
       Tokyo    4:00am  -  7:00am (Saturday and Monday)
      Sydney    5:00am  -  8:00am (Saturday and Monday)


(Note that because of time differences, the attempt
to download code will happen on Saturdays and Mondays
in the Far East and Australasia).

The worm has been programmed to automatically direct infected
PCs to a server controlled by the virus writer from which a
malicious program could be downloaded. At the moment, it is
not known what the download material will do, but
possibilities include launching another virus or spam
attack, collecting sensitive information, or deleting
files stored on an infected computer or network.

More details on how to prevent the download happening on
your computers, and information on how to clean up
a Sobig infection, are available at the following URLs:

http://www.sophos.com/virusinfo/analyses/w32sobigf.html
http://www.sophos.com/sobig
http://www.sophos.com/virusinfo/articles/sobigextra.html

___________________________________________________________

Tony

--
Tony Earnshaw

Looking backwards is always easy with hindsight

http://www.billy.demon.nl
Mail: tonni@???
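
Added example, not part of the original message or the Sophos alert: a small Python filter that flags internal hosts making outbound connections inside the Friday/Sunday 19:00-22:00 GMT window, converting every timestamp to UTC first so that Saturday-morning records from the Far East still match. The log format, addresses, dates and the exclusive 22:00 boundary are assumptions made for the illustration.

```python
from collections import Counter
from datetime import datetime, time, timezone

# Window from the alert: Fridays and Sundays, 19:00-22:00 GMT.
WINDOW_DAYS = {4, 6}            # datetime.weekday(): Monday=0, Friday=4, Sunday=6
WINDOW_START = time(19, 0)
WINDOW_END = time(22, 0)        # assumption: end of window treated as exclusive

def in_download_window(ts: datetime) -> bool:
    """True if an offset-aware timestamp falls inside the window, judged in UTC."""
    if ts.tzinfo is None:
        raise ValueError("timestamp needs a UTC offset")
    utc = ts.astimezone(timezone.utc)
    return utc.weekday() in WINDOW_DAYS and WINDOW_START <= utc.time() < WINDOW_END

def hosts_to_review(log_lines):
    """Count outbound connections per internal host that fall inside the window."""
    hits = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4 or fields[1] != "OUT":
            continue                      # skip malformed or inbound records
        try:
            if in_download_window(datetime.fromisoformat(fields[0])):
                hits[fields[2]] += 1
        except ValueError:
            continue                      # unparsable or offset-less timestamp
    return dict(hits)

# Constructed sample log (hypothetical format):
# "<ISO-8601 time with offset> <direction> <source> <destination>"
SAMPLE_LOG = [
    "2003-08-22T20:15:00+00:00 OUT 10.0.0.5 192.0.2.10",  # Friday, inside window
    "2003-08-23T04:30:00+08:00 OUT 10.0.0.7 192.0.2.11",  # Sat in Hong Kong = Fri 20:30 UTC
    "2003-08-22T12:00:00-07:00 OUT 10.0.0.9 192.0.2.12",  # noon in Los Angeles = Fri 19:00 UTC
    "2003-08-22T22:00:00+00:00 OUT 10.0.0.5 192.0.2.10",  # 22:00 exactly: outside
    "2003-08-23T20:15:00+00:00 OUT 10.0.0.5 192.0.2.10",  # Saturday in UTC: outside
    "2003-08-24T19:45:00+00:00 IN 192.0.2.13 10.0.0.8",   # Sunday, but inbound
    "2003-08-24T21:59:59+00:00 OUT 10.0.0.8 192.0.2.13",  # Sunday, inside window
]

if __name__ == "__main__":
    for host, count in sorted(hosts_to_review(SAMPLE_LOG).items()):
        print(host, count)
```

A host listed here is only a candidate for review; ordinary traffic in the same hours will match too, so the result is best compared against a known-clean baseline.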