What You Should Know About the Sobig Worm
Why We Are Issuing This Alert
Sobig.A and its variants spread through e-mail and network shares. This worm typically disguises e-mail messages with an @microsoft.com address so that it appears they are coming from Microsoft, a tactic known as spoofing. Many of the addresses are valid addresses that are being spoofed for malicious purposes.
The variants of the Sobig worm include Sobig.A, Sobig.B, Sobig.C, Sobig.D, Sobig.E, Sobig.F
Message characteristics vary for each variant of the Sobig virus. Technical information from each variant is available from antivirus vendors participating in the Microsoft Virus Information Alliance (VIA).
If you ever receive a questionable e-mail message that contains an attachment, do not open the attachment. If you cannot confirm with the sender that the message is valid and that the attachment is safe, delete the message immediately. If you receive a questionable message that purports to be from Microsoft, you should be aware that Microsoft never distributes software through e-mail.
How to Help Protect Against This Worm
To avoid infection, you should block harmful attachments at your Internet mail gateways. For this worm, block all attachments with the .pif extension. (The extension may be truncated to .pi in some instances.) Additionally, you should use the features in the latest versions of Outlook and Outlook Express to block harmful attachments.
For Outlook 2000 and Outlook XP
Outlook 2000 Service Pack 3 (SP3) and later and Outlook XP SP1 include the most recent updates to improve the security in Outlook and other Microsoft Office System programs. This includes a feature that blocks potentially harmful attachment types. If you are running either of these versions, they will by default block the attachment, and you will be unable to open it.
By default, Outlook 2000 prior to Service Release 1 (SR1) and Outlook 98 did not include this feature, but it can be obtained by installing the Outlook E-mail Security Update.
For Outlook 2002
For Outlook Express 6
Outlook Express 6 can be configured to block potentially damaging attachments.
For Earlier Versions of Outlook Express
Earlier versions of Outlook Express contain no attachment-blocking features. Users of these products are strongly encouraged to upgrade to the latest version and to use extreme caution when opening unsolicited e-mail messages with attachments.
For Web-Based E-mail
If you use Web-based e-mail, you should install a third-party firewall to help protect your computer from this worm.
What to Do If You Think Your Computer Is Infected
- If you think your computer is infected, first try going to your antivirus software vendor's Web site to get the latest updates. You might be able to update your virus definitions to detect and remove the virus. Going forward, be sure to keep your virus definitions current to avoid infection.
- If your computer has been infected and you need technical assistance, please contact Microsoft Product Support Services or your antivirus vendor for assistance removing it.
- For Microsoft Product Support Services within the United States and Canada, call toll-free (866) PCSAFETY (727-2338).
- For Microsoft Product Support Services outside the United States and Canada, visit the Product Support Services Web page.
Get More Technical Details
Get additional details on this worm from antivirus software vendors participating in the Microsoft Virus Information Alliance (VIA):
|
