Disinfection Tool

F-Secure provides a special tool to disinfect the Sobig.F worm.

Sobig sends massive amounts of mail. The sender information in these mails is
wrong and doesn't indicate the real infected user. The attachment is around
70 KB in size and is packed with TELock. The worm has its own SMTP engine, as
well as routines to query DNS servers directly and to make requests using the
Network Time Protocol (NTP).

The worm will also attempt to fetch a URL from which to download components
when certain conditions are met. The condition, in this case, is that the time
obtained from one of the NTP servers (whose addresses are hard-coded in its
code) falls on a Friday or Sunday (regardless of the week) between 19:00 and
22:00 UTC. The worm performs this test every hour.

The worm will stop spreading on 10th of September 2003. From this date onwards
the worm will exit immediately when executed.

Infection

It will install itself into:

%windir%\winppr32.exe

It then adds the following keys to the Windows Registry:

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX" = %windir%\winppr32.exe /sinc

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX" = %windir%\winppr32.exe /sinc

So it is started when Windows starts.

MyDoom.S
A new variant of the MyDoom worm, Mydoom.S, was found on August 16th, 2004. The
worm spreads like its previous variants. The worm's file is a PE executable
27136 bytes long, packed with the UPX file compressor. The unpacked worm's size
is about 53 KiB.

System Infection

The worm will attempt to download an executable from four different URLs stored
within its body. These URLs point to two different sites (www.richcolour.com
and zenandjuice.com). These sites were shut down by 18th of August, 2004.

Mydoom copies itself as the "winpsd.exe" file to the Windows System directory
and creates a startup key for the copied file in the Windows Registry:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"winpsd.exe" = "%WinSysDir%\winlibs.exe"

where %WinSysDir% represents the Windows System folder. As a result, the worm's
file is started every time Windows starts.

The worm creates a mutex named '43jfds93872'.

Spreading in E-mails

The email-spreading function will expire on August 20th, 2004. After this the
worm should not send emails any more.

The worm spreads in e-mails. Before spreading it collects e-mail addresses from
an infected computer. The worm reads the Windows Address Book file and reads
files in the Temporary Internet Files folders and the Windows System folder.
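
An added example (not F-Secure's disinfection tool and not code from this page):
a Python check that parses a regedit-style export and flags the Run-key entries
described above for Sobig.F and MyDoom.S. The sample export, the function names
and paths such as C:\WINDOWS are constructed for illustration.

```python
import re

# Run-key indicators from the write-ups above. MyDoom.S lists two file names
# because the page gives "winpsd.exe" as the copy and "winlibs.exe" as the data.
INDICATORS = {
    "Sobig.F": {"value": "trayx", "files": ("winppr32.exe",)},
    "MyDoom.S": {"value": "winpsd.exe", "files": ("winpsd.exe", "winlibs.exe")},
}
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Constructed sample in regedit export syntax (not data from the page).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrayX"="C:\\WINDOWS\\winppr32.exe /sinc"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"winpsd.exe"="C:\\WINDOWS\\system32\\winlibs.exe"
"Updater"="\"C:\\Program Files\\Example\\update.exe\" /quiet"

[HKEY_LOCAL_MACHINE\Software\Example]
"TrayX"="not a Run key"
'''

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def references(data, filename):
    # True when filename appears as a whole path component of the command line.
    pat = r'(?:^|[\\/\s"])' + re.escape(filename) + r'(?:$|[\s"])'
    return re.search(pat, data, re.I) is not None

def scan(reg_text):
    """Return sorted (family, key, name, data) hits under ...\\Run keys."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not (m and key and key.lower().endswith(RUN_SUFFIX)):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        for family, ioc in INDICATORS.items():
            if name.lower() == ioc["value"] or any(references(data, f) for f in ioc["files"]):
                hits.append((family, key, name, data))
    return sorted(hits)
```

Files written by regedit are UTF-16, so decode them to text before passing the
contents to scan().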
F-Secure Internet Security 2004

Today's challenges

Today viruses spread very rapidly over the Internet, causing damage to computer
users. Home users are not an exception to this. If you are connected to the
Internet, it is very important to protect your PC against computer viruses. In
addition, when you are connected to the Internet your computer is exposed to
hackers trying to find "open doors" in your system. F-Secure Internet Security
2004 includes award-winning antivirus software, as well as an easy-to-use
personal firewall product that protects your system against break-in attempts
when you are connected to the Internet.

The solution

You can surf the Internet, open e-mail attachments and use your computer
without fear of virus infections or hackers. You can also be sure that you are
not sending viruses to others. Just install and forget: F-Secure Internet
Security 2004 will automatically keep viruses and hackers away from your
computer.

Maximum protection for your PC

F-Secure Internet Security 2004 provides the best protection for your PC against
viruses and Internet attacks. Its superior automated virus detection technology
combined with a pre-configured firewall ensures that you're protected against
Internet-borne threats.

E-mail scanning

POP3 and SMTP traffic are scanned for viruses, i.e. you do not have to worry
about infected e-mails.

Application Control

You are able to control the applications on the workstation that can access the
Internet. Thus the users cannot run forbidden applications (such as peer-to-peer
networking) that may allow hackers and worms to sneak in.

Easy to install and use

F-Secure Internet Security 2004 is extremely easy to install and use. As the
software is highly automated, you don't have to learn to use it or understand
any complexities of data security.

Install & Forget; Automatically updated over the Internet

Latest virus definition updates are automatically downloaded in the background.
After installing F-Secure Internet Security you can safely read your e-mail and
surf the Internet.

Virus News

You will get news about new virus outbreaks delivered to your computer.
F-Secure Anti-Virus™ 2004

Today's challenges

An average of eight to 10 new viruses are found each day and the rate seems to
grow. Today viruses spread very rapidly over the Internet, causing damage to
computer users. Home users are not an exception to this. If you are connected
to the Internet, it is very important to protect your PC against computer
viruses.

The solution

With F-Secure Anti-Virus 2004 you can surf the Internet, open e-mail
attachments and use your computer without fear of virus infections. You can
also be sure that you are not sending viruses to others. Just install and
forget: F-Secure Anti-Virus 2004 will automatically keep viruses away from your
computer.

Best protection for your PC

With its superior virus detection technology combined with a fast and automated
updating mechanism, your PC is protected within a few hours after a new virus
has been found in the world. Among antivirus vendors, F-Secure is often the
fastest to respond to new virus threats.

E-mail scanning

POP3 and SMTP traffic are scanned for viruses, i.e. you do not have to worry
about infected e-mails.

Easy to install and use

F-Secure Anti-Virus 2004 is extremely easy to install and use. As the software
is highly automated, you don't have to learn to use it or understand any
complexities of data security.

Install & Forget; Automatically updated over the Internet

Latest virus definition updates are automatically downloaded in the background.
After installing F-Secure Anti-Virus 2004 you can safely read your email and
surf the Internet.

Virus News

You will get news about new virus outbreaks delivered to your computer.
F-Secure Anti-Virus Client Security

Traditional antivirus is not enough today:

The common belief is that the combination of network firewall and antivirus
software on servers, desktops and laptops is good enough. However, this is no
longer true. Protecting against these new forms of attack requires a firewall
to be integrated within the antivirus software on each individual computer in
any company.

The Solution:

F-Secure Anti-Virus Client Security offers protection against new breeds of
threats. The centrally managed and easy-to-use solution consists of tightly
integrated virus protection, proactive personal firewall, intrusion prevention
and application control software for company desktop and laptop computers.

Automatic Real-Time Antivirus Protection

Viruses and malicious code attacking via e-mail, the web, floppy disks and
CD-ROMs are automatically stopped in real-time. The scanning of POP3 and SMTP
mail traffic ensures that no viruses are sent out or received through e-mail.
To ease installation, the software looks for other, potentially conflicting
antivirus programs and automatically removes them during installation.

Automatic Virus Definition Updates and Fail-Over

Virus definition databases are transparently and automatically updated,
typically 1-2 times per day, with minimal bandwidth use. The fail-over feature
ensures that antivirus software will get the latest cure against new viruses
even if the primary delivery server is unreachable. Furthermore, virus removal
tools can be distributed with virus definition updates.

Integrated Desktop Firewall with Intrusion Prevention

The integrated desktop firewall with stateful inspection provides robust
monitoring and filtering of Internet traffic, preventing unauthorized access to
the workstations over the network, and hides the workstation from Internet
hackers and network worms. The software also analyzes Internet traffic and
automatically detects and blocks suspicious network traffic.

Application Control

The network administrator is able to centrally control, from one location, the
applications on the workstations that are allowed to access the Internet. Thus
the end-users cannot run forbidden applications (such as peer-to-peer
networking) that may allow hackers and worms to sneak in.

Comprehensive Central Management and Reporting

With F-Secure Policy Manager™, software included in the license, the network
administrator can, from one central location, remotely install, configure and
monitor the software. The administrator can lock the end-user interface and
settings, and thereby prevent bypassing of the protection. The software can
also generate extensive reports including security alerts, virus infection
rates, virus definition database dates etc. The reports and settings can be
adjusted at the network, security domain or individual host level.

F-Secure Internet Security 2004 (#510089)
F-Secure Anti-Virus 2004 (#513866)
F-Secure Anti-Virus Client Security (#517769)