ITSD Computing and Communications Services News
November, 2003

CCS News Home
Back Issues
Computer Security
Help Request
Software Downloads
Computer Backups
Buy a Computer
Suggestion Box
Email
Calendar
Onsite Computer Training
ITSD
CIS
ISS
NTD
TEID
  Monthly Virus Update: As SoBig Virus Self-Deflates, Attempted Infections Decline

The LBNL virus wall got a break last month, so to speak; this time it detected and eradicated "only" 23,769 viruses. The substantial decline in number of viruses found was more than anything else due to the fact that the SoBig.F worm is programmed to become dormant on September 10, 2003 (although it still continues to infect systems that have the wrong date and time).

The SoBig worm was once again most prevalent with 13771 instances detected and eradicated. SoBig.F spreads itself via mail attachments with subjects such as Re: Details,” “Re: Re: My details,” “Re: Approved,” “Re: Your application,” “Re: Thank you!,” and “Thank you!” Users who open the attachment infect their systems. Only systems with incorrect system time succumb to this worm now because Sobig.F is programmed to stop infecting Windows systems on and after September 10, 2003.

The Swen.A worm maintained its hold on second place last month with 7,596 instances detected and eradicated, a slight increase from October. Swen.A fools users into downloading an attachment that contains this worm. It creates and then sends a bogus Microsoft security bulletin that allegedly contains a patch for Outlook, Outlook Express and Internet Explorer. Users who download this "patch" infect their Windows systems.

The Klez.H worm again came in third with 1,360 instances detected and eradicated, up slightly from the previous month. This worm infects Windows systems by sending mail containing an infected attachment. By appearing to be from users whose addresses it finds in address books and other files within the systems it infects, it fools unsuspecting users into opening the attachment, thereby infecting their Windows systems.

Although not prevalent, the Mimail worm continues to cause trouble in some LBNL Windows systems. This mass-mailing worm sends messages that appear to be sent by the system administrator of a local network, informing recipients that their email accounts will soon expire. Each message contains an attachment that if opened causes a Windows system to become infected. One of the greatest dangers of a Mimail infection is that this worm also gleans information from windows on the desktop of each infected system and then sends it back to several Internet addresses.

The "bottom line" is that you need to keep your system's anti-virus software up to date. Additionally, avoid opening suspicious attachments.