LawTech
Technology and legal practice
Thursday, August 21, 2003

The massive attack of the Sobig-F worm is getting a lot of publicity, but none of the news reports provides practical information about how to tell whether a machine is infected. They mention that an executable program is copied to victims' machines, but do not even identify the name of the file. Many users are receiving notifications from corporate systems saying that messages they sent are infected, but these are false reports.

The Symantec web site, supposedly a good resource for information of this nature, has placed information about the Sobig worm in a hard-to-find location.

We have found detailed information and detection and removal instructions at the Sophos antivirus site. The essentials: look for a file called winppr32.exe under c:\winnt or c:\windows, and anywhere in the registry.
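The check described above can be scripted. The following PowerShell sketch is an added example, not code from this weblog or from Sophos; the helper names `Find-IndicatorFile` and `Find-IndicatorInRegistry` and the choice of registry hives to sweep are assumptions made for illustration.

```powershell
# Added example: sweep for the winppr32.exe indicator named in the post.
$Indicator = 'winppr32.exe'
$Dirs  = 'C:\WINNT', 'C:\WINDOWS'                                  # directories named in the post
$Roots = 'Registry::HKEY_LOCAL_MACHINE', 'Registry::HKEY_USERS'    # assumption: hives to sweep

function Find-IndicatorFile {                                      # hypothetical helper
    param([string[]]$Directory, [string]$Name)
    foreach ($dir in $Directory) {
        $candidate = Join-Path -Path $dir -ChildPath $Name
        # -Force so a hidden or system-flagged copy is still reported
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            Get-Item -LiteralPath $candidate -Force |
                Select-Object FullName, Length, CreationTime, LastWriteTime
        }
    }
}

function Find-IndicatorInRegistry {                                # hypothetical helper
    param([string[]]$Root, [string]$Name)
    $pattern = [regex]::Escape($Name)                              # match the name literally
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -match $pattern) {
            [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
        }
        try {
            foreach ($valueName in $key.GetValueNames()) {
                $data = [string]$key.GetValue($valueName)
                if ($valueName -match $pattern -or $data -match $pattern) {
                    [pscustomobject]@{ Key = $key.Name; Value = $valueName; Data = $data }
                }
            }
        } catch { }   # key vanished or became unreadable mid-sweep; skip it
    }
}

$fileHits = @(Find-IndicatorFile -Directory $Dirs -Name $Indicator)
$regHits  = @(Find-IndicatorInRegistry -Root $Roots -Name $Indicator)
$fileHits | Format-Table -AutoSize | Out-Host
$regHits  | Format-List | Out-Host
if ($fileHits.Count + $regHits.Count -gt 0) {
    Write-Warning "$Indicator found: $($fileHits.Count) file hit(s), $($regHits.Count) registry hit(s)"
} else {
    Write-Output "No file or registry reference to $Indicator found"
}
```

Run it from an elevated prompt so that protected keys under HKEY_LOCAL_MACHINE are readable; keys that still cannot be opened are skipped silently, and a full sweep of both hives can take several minutes.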


9:32:45 AM    





© 2003 Franco Castalone
Last Update: 9/6/2003; 8:38:36 PM
