Tuesday, June 17, 2003

Microsoft enters AV market, Ross Cooney, Cyber Sentry

Microsoft has entered the anti-virus market with the surprise acquisition of little known Romanian AV firm GeCAD Software. Financial terms of the deal, announced yesterday, were not disclosed.

In addition to developing new solutions, Microsoft said it would use GeCAD's expertise and technology to "enhance the Windows platform and extend support for third-party antivirus vendors".

"The knowledge and experience acquired from GeCAD will contribute to Microsoft's understanding of how systems are attacked, enabling Microsoft to more effectively focus on platform improvements".

Privately-held GeCAD Software, founded in 1992, has supplied antivirus and security products since 1994 under the name RAV AntiVirus. News of the acquisition has sparked concern that cross-platform support for virus and spam filtering could be dropped from RAV's portfolio. If that happens there are plenty of vendors to pick up the baton and we don't see this as a major concern.

Graham Titterington, principal analyst with Ovum, reckons the GeCAD Software acquisition is a sign that Microsoft wants to get financial payback from its multi-million dollar Trustworthy Computing initiative.

"Trustworthy Computing started as a measure to re-assure its key business customers that it was serious about their concerns, but eventually it had to become a profit centre," he says.

"Simply selling anti-virus software is clearly not the whole story but it's a good place to start."

But why buy a small AV vendor rather than a player with significant market share?

Buying indicates that Microsoft wants to keep control of its security agenda, according to Titterington.

"Microsoft doesn't want to acquire an existing portfolio of products, but rather wants a technological springboard to kick-start its own programmes.

"Microsoft is likely to build out from the consumer and desktop end of the market. Content filtering, personal firewalls and privacy tools are likely to follow soon, followed by Digital Rights Management products. Web services security will provide a second front by which Microsoft will expand into the security market, building on its .NET foundations."

The anti-virus market is famously conservative (desktop-focused vendors spent years rubbishing more innovative firms like MessageLabs, for example).

Maybe Microsoft's entry into the market will give the sector a much-needed shake up.

At the very least it will make the software giant more accountable for viral outbreaks.

Which is no bad thing.

Wednesday, June 11, 2003

Four Out of Five Children Receive Inappropriate Spam, Ross Cooney, Cyber Sentry

Four out of five children receive inappropriate spam e-mail touting get-rich-quick schemes, and almost half receive spam linking to pornographic materials, according to a study by Applied Research, a market research firm based in Seattle, released Monday by an Internet security company.

A substantial number of the 1,000 children ages 7 to 18 interviewed said they felt "uncomfortable and offended when seeing improper e-mail content."

One in five children opened and read spam, the study found, and more than half of them checked e-mail without parental oversight.

Among the other findings in the survey:

80 percent of the respondents said they are bombarded by sweepstakes messages.
62 percent received spam touting dating services.
47 percent received e-mails with links to pornographic websites.
34 percent have felt uncomfortable receiving spam.

"Parents need to educate their children about the dangers of spam and how they can avoid being exposed to offensive content or becoming innocent victims of online fraud," said Ross Cooney, CTO of spam protection company Cyber Sentry.

Real Time Blocking lists (RBL) are not the only answer! Ross Cooney, CTO of spam experts Cyber Sentry

Clueless spam protection companies are advertising the fact that they use RBL lists to protect their users from spam attack. Cyber Sentry believe that there is a better way.

During the Internet's infancy, Paul Vixie of Lyris Technologies came up with an idea to block traffic from specific IP addresses. He called the concept RBL, or Real-Time Blackhole List. He had hoped it would help block unwanted email, but the truth is, it never played a significant role in stopping spam. Years ago, mass emailers developed distribution technologies to sidestep RBL.

Cyber Sentry included RBL in its research program and concluded that the technology is obsolete. Even its inventor, Paul Vixie, admits on his Web site that RBL has flaws and cannot stop professional spammers who are mobile and use relaying as a method of distribution.

Quite surprisingly, some anti-spam software companies still use RBL as one of their central technologies. In fact, RBL is the cornerstone of their marketing efforts. Cyber Sentry, which has gone beyond these archaic methods of blocking spam, has developed a technology that is steps ahead of present spammers' distribution methods.

"We believe the list does little to stop spam while potentially blocking legitimate messages. In addition, some businesses have said they were blocked without warning or justification," said Ross Cooney, CTO of Email Messaging experts Cyber Sentry. "Most responsible email providers are now implementing a system of RBLs, content checking and intelligent routing to block spam."

While other anti-spam software companies promise 60% to 80% filtration rates, Cyber Sentry will eliminate 98% of the spam you receive.

Tuesday, June 10, 2003

Paying for the Spam Burden, Bernie Golbach

The combination of BugBear (which my IBM TransNote's Norton Anti-Virus Toolkit is handling alright) and spam (averaging 16.7 per hour this month into my personal accounts), has caused me to run my laptop mail with mailman.iol.ie or mail2web (recommended). This slows down my ability to co-ordinate projects and has resulted in slippage on important things.

But the biggest impact is cost. When I pull down message headers with my Palm m505 or my Nokia 9210i, I pay for that connectivity plus I pay for the admin time of deleting the messages. Specifically, I spend 3 minutes every hour clearing a hole through spam while underway in Ireland. Over the course of one work week, I will lose two hours of productive time, while retrieving, scanning, and deleting dodgy messages.

As I cannot charge for this spam burden, I suck it up and work longer. That means my work week has stretched two hours longer each week when I'm on the road, just because of spam burden.

I'm not a clueless computer operator. I don't open unsolicited attachments. But they keep coming with a vengeance.

I want to maintain a consistent e-mail address, so I'm not going to discard my primary contact details when they're overrun by spammers and virus attacks. The time is ripe for managed service providers to help those dependent upon e-mail to begin trusting it as a viable means of doing business.


Monday, June 09, 2003

Managed Services are the Future, Ross Cooney, CTO, Cyber Sentry

Managed Service Providers have finally come of age.

The complexity of computer viruses, badly designed computer operating systems and clueless computer operators have led to an explosion in computer viruses. Over the past few years efforts to resolve these issues have not worked and the size of the BugBear outbreak is testament to the fact that people are not opening their eyes to the serious threat that is computer viruses.

Like most of its predecessors, BugBear relies on unsuspecting computer users to open an attachment which arrives in an email... the oldest trick in the book! During the past few years computer users have been warned not to open such attachments, but they don't seem to listen to this simple advice. The sheer scale of this outbreak shows that efforts to educate computer users in ways to protect themselves have not worked. It shows that users are not able to act in a way which can protect themselves.

This virus also relies on users having an out-of-date operating system, namely a badly patched version of Microsoft Windows. It seems that Microsoft have not concentrated their efforts correctly upon getting users to install their patches and updates.

The time has come for managed service providers to step into the fray and protect the masses.

Thursday, June 05, 2003

Return of BugBear, Get ready for the flood!, Ross Cooney CTO at Cyber Sentry.

Get ready for a deluge of viruses, virus reports and the support calls from users who get scared by the media reports! Yep, it is coming again! BugBear has been given a face lift and is spreading rapidly.

The simple characteristics are:

1) It uses spoofed reply addresses, and may not indicate the true address of the sender.

2) It uses random subject lines, seemingly relating to information or documents plagiarised from the recipient's infected machine.

3) The text of the email is varied and appears to be taken from documents and files found on the recipient's infected machine.

4) The attachment is either in .scr, .pif or .exe format.

5) It is a mass mailer... so get ready for a bandwidth explosion from infected users.

6) It is polymorphic, that is, it has the ability to change its appearance to try to affect the reliability of AV software... so get ready for several AV updates today.

"This new virus further validates the managed service provider's business model. It is not realistic for companies to use traditional AV software to protect against viruses like this," says Ross Cooney, CTO of virus scanning company Cyber Sentry. "People need the proactive protection that a managed service provides."

Hotmail to implement RBL lists to protect users, Ross Cooney, CTO Cyber Sentry Ltd

Microsoft, the owner of Hotmail, is adding a new feature to the free email service to manage unwanted "spam". This is the company's latest attempt to address the problem of unsolicited junk advertising.

Internet companies that offer email, such as Web portals and ISPs, have spent considerable resources to fight the problem. Giants such as America Online have taken suspected spammers to court, and many states have enacted legislation to fight the proliferation of spam. Hotmail has been getting quite a bit of abuse from IP service providers about the level of spam that has been both sent to and generated by its users. At a time when quite a few of these IP providers are on the verge of blocking all email from the Hotmail network, the company has started to act.

The company has been reported to be taking two actions to stop spam on its network: the first is to limit the number of emails that its users can send every day, and the second is to set up RBLs (black lists) to limit the number of incoming emails.

Hotmail plan to implement the MAPS system. MAPS identifies and blacklists Internet servers that act as conduits for large volumes of junk email. The filter, known as the Realtime Blackhole List (RBL), received a big boost from Microsoft's endorsement.

While the initiatives are generally welcomed, many industry experts believe that the implementation of RBLs gives low levels of return.


"We believe the list does little to stop spam while potentially blocking legitimate messages. In addition, some businesses have said they were blocked without warning or justification," said Ross Cooney, CTO of Email Messaging experts Cyber Sentry. "Most responsible email providers are now implementing a system of RBLs, content checking and intelligent routing to block spam."

Still, some Hotmail users said they had seen a difference in the amount of spam they received since Microsoft instituted the RBL, which uses various techniques to block junk mail.  One user agreed, "I turned the filters on the other day. No spam. Not one. Period. For the first time in months, my Hotmail mailbox is quiet."

Wednesday, June 04, 2003

Managed Spam Filtering -- Ross Cooney, CTO Cyber Sentry Ltd

Over the past few years spam has become a very serious problem for internet users around the world. In Ireland an estimated 15% of email is spam, in the UK it is close to 40% and in the US the figure is close to 50%.

Some people say when you get spam you should "just hit delete." There are a number of problems with this idea.

"Firstly, how many times should we have to just hit delete?" asks Ross Cooney, CTO at spam specialist company Cyber Sentry. "Should we press delete Five? Ten? Fifty? Five Hundred? Five Thousand? times a day? This does not solve the problem."

Secondly, by the time you get to "just hit delete", much of the damage has been done. Your ISP has incurred the cost of facilities to cope with the volume of spam and passed them on to you. You have had to spend time downloading useless messages, which may be charged by either time or data. If your email program notifies you of new messages, your flow of work has already been interrupted, costing you not only in time but in productivity.

Thirdly, "just hit delete" does nothing to discourage more and more vendors from advertising by spam, and effectively speeds us along the path to making email useless.

One way to battle spam is to use client side applications or server side black lists. Most companies who install these services don't get a large benefit from them, as they are hard to install properly and keep up-to-date.

A serious business model has been developed over the past few years for Managed Email Scanning Services, such as the one provided by Cyber Sentry. Cyber Sentry install servers in the communications rooms of ISPs.

Email is then automatically scanned for viruses. The service relays all emails through three commercial antivirus scanners, and our own uniquely developed software, 'Cyber-Seek', then further checks for discernible patterns, alerting our Technical Team to any suspicious behavior.

If a virus is detected the sender, recipient and the Cyber Sentry postmaster are all informed that a virus has been detected and the sender's details and subject line are preserved for reference. Infected email is kept in a secure location for a period of one month should additional action be required.

Managed Email Scanning Services are cost efficient as all updates are automated and managed for the company, leaving the staff to do what they do best!

Tuesday, June 03, 2003

School's out!, says Cyber Sentry's Ross Cooney

I was amazed to see that a new course at University of Calgary run by a Dr. John Aycock teaches students to write malicious viruses!

The course, titled "Computer Viruses and Malware" is described by university literature as focusing on "developing malicious software such as computer viruses, worms and Trojan horses that are known to wreak havoc to the tune of billions of dollars world-wide on an annual basis."

Dr. Aycock seems to believe that greater knowledge will lead to a greater understanding of how to stop viruses. I don't believe that the benefits are big enough to warrant this.

What would happen if a young kid on this course was to allow his homework out for a walk? I have to say that I would strongly encourage companies who get affected by viruses developed in the University labs to sue the University for damages! And why not?

"Should we teach kids how to break into cars if they're interested in becoming a policeman one day? It is simply not necessary to write new viruses to understand how they work and how they can be prevented," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Sadly it seems the university is developing courses according to what it believes will be most attractive to potential students rather than focusing on skills that will be useful to them in the security industry. One wonders if the University will be held legally and financially responsible if any of the viruses written on their course break out and infect innocent computer users."

In my years of virus reporting I have never written malicious code, as there is no need to do this to achieve a better understanding of how to defeat viruses? I don't think so!

SoBig comes of age

Cyber Sentry, Ireland's only email and spam managed service provider, has warned of the impending outbreak of yet another mass-mailing virus.

Sobig-C, a variant of the SoBig virus, was detected over the weekend and it is spreading very quickly. The virus spreads by email or (less commonly) shared network drives. This virus has now reached 'high level' outbreak status.

The virus arrives by email with either a PIF or an SCR attachment. People who get the email need not be too concerned unless they try to open the attachment. If you were unfortunate enough to open the attachment, then your machine is probably infected.

“There is nothing special about the technology behind this virus, it is just a basic virus which relies on inexperienced computer users to execute the attached file... It is amazing how many people still have not learnt the lesson of previous viruses,” said Ross Cooney, Technical Director at Cyber Sentry.

One telltale way to identify it is that the text of the email is always "Please see the attached file". Cyber Sentry advises companies to install content checking software on their email servers so as to allow the filtering of emails that contain this text.

Upon infection the Sobig-C worm will search your hard drive for files which contain email addresses and extract them to a database. It then sends a copy of itself to each of the extracted addresses using its own SMTP (Simple Mail Transfer Protocol) engine so as to bypass the Microsoft Outlook application and the older Microsoft MAPI hacks.

As usual the worm has no effect on either Mac or Linux machines. Cyber Sentry advises users to upgrade their operating system to RedHat Linux.


Sophos: http://www.sophos.com/virusinfo/analyses/w32sobigc.html
F-Secure: http://www.f-secure.com/v-descs/sobig_c.shtml
Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.c@mm.html
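
The content check recommended in the Sobig-C post, combined with the attachment types listed in the BugBear post, can be sketched as a mail-server filter. This is an added example, not Cyber Sentry's software; the function names, verdict labels and sample messages are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators stated in the posts: Sobig-C's fixed body text, and the
# attachment types listed for Sobig-C (.pif, .scr) and BugBear (+ .exe).
BODY_PHRASE = "please see the attached file"
RISKY_EXTENSIONS = (".pif", ".scr", ".exe")

def inspect_message(raw_bytes):
    """Return the list of indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()  # decodes RFC 2231 / encoded names
        if filename:
            # Windows ignores trailing dots and spaces, so strip them first.
            name = filename.strip().rstrip(". ").lower()
            if name.endswith(RISKY_EXTENSIONS):
                reasons.append("attachment:" + name)
        elif part.get_content_maintype() == "text":
            try:
                text = part.get_content()
            except (LookupError, UnicodeError):  # unknown or bad charset
                text = part.get_payload(decode=True).decode("latin-1")
            # Collapse whitespace so line wrapping cannot split the phrase.
            if BODY_PHRASE in " ".join(text.split()).lower():
                reasons.append("body-text")
    return reasons

def verdict(raw_bytes):
    """Quarantine on a risky attachment; only flag on the body text alone,
    because that phrase also appears in ordinary business mail."""
    reasons = inspect_message(raw_bytes)
    if any(r.startswith("attachment:") for r in reasons):
        return "quarantine"
    return "flag" if "body-text" in reasons else "deliver"

def build_sample(body, attachment_name=None):
    """Construct a sample message (constructed test data, not a real capture)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.org"
    m["Subject"] = "Re: Application"
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    for body, name in [("Please see the attached file.", "document.pif"),
                       ("Please see the attached\nfile", None),
                       ("Minutes from Monday", "minutes.pdf")]:
        print(name, "->", verdict(build_sample(body, name)))
```

Matching on the body text alone only flags the message, since a hard block on that phrase would also stop legitimate mail.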
