
Stop Sobig Mass-Mailing Worm Before It Hits GroupWise

Novell Cool Solutions: Trench
By Messaging Architects


Posted: 21 Aug 2003
 

What is W32.Sobig and how does it affect me?

For those of you being hit by the Sobig-F worm, you can easily defend your GroupWise servers using GWGuardian. If you do not currently own GWGuardian+AV, you can download a fully functional trial copy at http://www.messagingarchitects.com/gwguardianee.

The Sobig worm has made an unwelcome return in the form of its latest variant, W32/Sobig-F. This mass-mailing, network-aware worm can spread via email and network shares. W32/Sobig-F attempts to spread by copying itself to Windows network shares, and it uses the Network Time Protocol to query one of several servers in order to determine the current date and time.

What action can I take from here?

Protocol Filtering
While Sobig-F has quickly become one of the most successful viruses of all time, it can also be easily defeated with GWGuardian in several ways. First, add a protocol filter to block the subject lines listed below. GWGuardian's protocol filter analyzes the message header content and rejects suspicious email messages before they are accepted by GWIA.

Subject line:

  • Re: That movie
  • Re: Wicked screensaver
  • Re: Your application
  • Re: Approved
  • Re: Re: My details
  • Re: Details
  • Your details
  • Thank you!

Attachment Blocks
Another method is to set just two simple yet effective attachment blocks. GWGuardian will block any message containing either of the file types below. Sobig-F may appear under a variety of file names, but will always use one of these two extensions.

*.SCR
*.PIF
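
The subject filter and the attachment block described above, written as a standalone Python check. This is an added example, not GWGuardian's code or configuration; the function names, the sample messages and the example.com addresses are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines and extensions exactly as listed in this article.
BLOCKED_SUBJECTS = {
    "re: that movie", "re: wicked screensaver", "re: your application",
    "re: approved", "re: re: my details", "re: details",
    "your details", "thank you!",
}
BLOCKED_EXTENSIONS = (".scr", ".pif")


def verdict(raw: bytes) -> str:
    """Return 'reject-subject', 'reject-attachment' or 'accept' for one message."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject
    # cannot slip past the list; collapse whitespace and ignore case.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in BLOCKED_SUBJECTS:
        return "reject-subject"
    # Check every MIME part, including nested ones. Only the final extension
    # matters, so "notes.txt.PIF" is caught; trailing dots/spaces are dropped
    # because Windows ignores them when opening the file.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().rstrip(". ").lower()
        if name.endswith(BLOCKED_EXTENSIONS):
            return "reject-attachment"
    return "accept"


def sample(subject: str, filename: str = "") -> bytes:
    """Build a constructed test message (placeholder attachment bytes)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("See the attached file for details")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Re: Approved", ""), ("Quarterly numbers", "q3.txt.PIF"),
                        ("Quarterly numbers", "q3.pdf")]:
        print(f"{subj!r:22} {fname!r:14} -> {verdict(sample(subj, fname))}")
```

Subject matching is exact after case and whitespace normalisation, so a legitimate message that happens to carry one of these subjects is rejected as well.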

If you are running GroupWise 5.5, 6.0, 6.5, or even Notes, Exchange and Netmail, GWGuardian will prevent Sobig-F from even reaching your mail server.

GWGuardian also includes many more features, including 8 levels of anti-spam & anti-virus protection. To find out why so many enterprises and government organizations chose GWGuardian and to download a trial version, please visit us at http://www.messagingarchitects.com/gwguardianee.

Security Response Team
The Messaging Architects
http://www.messagingarchitects.com

