W32/Sobig.F@mm

• Detected by virus detection files published: 8/19/2003
• Virus characteristics first published: 8/19/2003
• Virus characteristics latest update: 6/18/2004
• Type: Worm
• Spreading mechanism: Email
• Overall risk: High
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista

Frequently asked questions about Sobig


Question:
How can I check if my computer is infected with Sobig.F?

Answer:
a) If you do not have an antivirus program, you should install the latest version of Norman Virus Control.
b) Make sure that your antivirus program is completely updated. In Norman Virus Control, click the N-icon, choose About. The signature date for binary viruses should be 2003/08/19 or newer.
c) Run a full virus scan by clicking the N-icon, and choose Scan harddisk.

Question:
I receive warnings that I am spreading Sobig.F, but when I am scanning my computer with updated anti-virus software, no viruses are detected. What should I do? How can I be sure that my computer is not infected?

Answer:
The Sobig worm spoofs email addresses. This means that the worm retrieves addresses from the address book or from other files residing on an infected computer, and uses these addresses to disguise who the real sender is when it spreads further. Most anti-virus alert mechanisms cannot tell whether the address is spoofed, and will therefore send the alert to the address the worm appears to have been sent from. Often this address is not the real sender. If Norman Virus Control, with a binary signature date of 2003/08/19 or newer, does not detect any Sobig worm on your computer, you are not infected.
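The spoofing described above can be checked from the headers an alert quotes back. This is an added example, not Norman's code: it assumes the alert includes the original message headers, and the host names, IP ranges and function names are placeholders chosen for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: headers of an infected message as quoted back in an
# antivirus alert. All hosts, addresses and IPs are documentation placeholders.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])\n"
    "\tby mail.recipient.example; Tue, 19 Aug 2003 10:02:11 +0000\n"
    "Received: from HOMEPC (dsl.isp.example [203.0.113.45])\n"
    "\tby mx.recipient.example; Tue, 19 Aug 2003 10:02:09 +0000\n"
    "From: alice@ourcompany.example\n"
    "To: bob@recipient.example\n"
    "Subject: constructed subject\n"
    "\n"
    "body\n"
)

# Bracketed client IP, then the host that stamped the header ("by <host>").
HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+([\w.-]+)", re.S)

def connecting_ip(raw, trusted_hosts):
    """IP that handed the message to the first trusted server, or None.

    Received headers are listed newest first; only those stamped by servers
    we trust are believed, since anything older can be forged by the sender.
    """
    ip = None
    for header in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(header)
        if not m or m.group(2).lower() not in trusted_hosts:
            break
        ip = m.group(1)
    return ip

def check_alert(raw, our_networks, trusted_hosts):
    """Return (claimed sender, connecting IP, True if that IP is ours)."""
    claimed = parseaddr(email.message_from_string(raw)["From"])[1]
    ip = connecting_ip(raw, trusted_hosts)
    ours = ip is not None and any(
        ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in our_networks)
    return claimed, ip, ours

if __name__ == "__main__":
    print(check_alert(SAMPLE, ["192.0.2.0/24"],
                      {"mail.recipient.example", "mx.recipient.example"}))
```

A result of `False` for the third value means the message entered the alerting organisation's mail system from an address outside your ranges, which is consistent with a spoofed From address.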

Question:
My computer is infected with Sobig.F. How do I remove this worm?

Answer:
Download and run Norman's special fix as described in the Detection and removal paragraph.

Question:
Our mail server is bombed by emails containing the Sobig.F virus. What can we do?

Answer:
a) You should install mail server antivirus software, e.g. NVC for Domino or NVC for Exchange, on your mail server to ensure that no infected attachments reach your end users.
b) You should install server-based antispam software to ensure that the end users don't receive loads of email generated by the virus. You will have to make an antispam rule that blocks the virus by keyword checking (e.g. on the subject). You can download a trial version of Norman Spam Control here:

Question:
Our mail server is bombed by auto-responses from anti-virus software warning about Sobig.F. What can we do to lower the traffic?

Answer:
There is actually not much you can do about this. If your own anti-virus software sends out email alerts each time a virus is detected, you should consider deactivating this feature, at least temporarily. In addition, you may use anti-spam software like Norman Spam Control to reduce the amount of false Sobig alerts.