Disinfection Tool.
F-Secure provides a special tool to disinfect
the Sobig.F worm.
Sobig sends massive amounts of mail. The sender
information in these mails is false and does not
identify the real infected user. The attachment
is around 70KB in size and is packed with
TELock. The worm has its own SMTP engine, as well as
routines to query DNS servers directly and to make
requests using the Network Time Protocol. The
worm will also attempt to fetch a URL from which
to download components when certain conditions
are met. The condition, in this case, is that
the time obtained from one of the NTP servers
(whose addresses are hard-coded in its
code) is Friday or Sunday (regardless of the week)
between 19:00 and 22:00 UTC. The worm
performs this test every hour. The worm will stop
spreading on 10th of September 2003. From this
date onwards the worm will exit immediately when
executed.
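The time condition above can be used to scope a review of outbound proxy logs from suspect hosts. The following is an added example, not code from F-Secure or from the original page; the log format and addresses are constructed, and treating 22:00 as an exclusive end of the window is an assumption.

```python
from datetime import date, datetime, timedelta, timezone

UTC = timezone.utc
CUTOFF = datetime(2003, 9, 10, tzinfo=UTC)  # from this date on the worm exits at start
TRIGGER_WEEKDAYS = {4, 6}                   # datetime.weekday(): Friday=4, Sunday=6
START_HOUR, END_HOUR = 19, 22               # 19:00-22:00 UTC; end exclusive (assumption)


def in_download_window(ts):
    """True if an aware datetime falls inside the download window described above."""
    ts = ts.astimezone(UTC)
    return (ts < CUTOFF
            and ts.weekday() in TRIGGER_WEEKDAYS
            and START_HOUR <= ts.hour < END_HOUR)


def windows_between(first_day, last_day):
    """(start, end) UTC pairs for every window from first_day to last_day inclusive."""
    found, day = [], first_day
    while day <= last_day:
        start = datetime(day.year, day.month, day.day, START_HOUR, tzinfo=UTC)
        if in_download_window(start):
            found.append((start, start.replace(hour=END_HOUR)))
        day += timedelta(days=1)
    return found


def flag_log_lines(lines):
    """Keep lines whose leading ISO-8601 timestamp (with UTC offset) is in a window."""
    flagged = []
    for line in lines:
        ts = datetime.fromisoformat(line.split(" ", 1)[0])
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=UTC)  # assumption: naive stamps are already UTC
        if in_download_window(ts):
            flagged.append(line)
    return flagged


# Constructed proxy-log lines (hypothetical format: timestamp, client, URL).
SAMPLE_LOG = [
    "2003-08-22T19:05:11+00:00 10.0.0.23 http://host.invalid/x",  # Friday, in window
    "2003-08-22T20:30:00+02:00 10.0.0.23 http://host.invalid/x",  # 18:30 UTC, outside
    "2003-08-24T21:59:59+00:00 10.0.0.40 http://host.invalid/x",  # Sunday, in window
    "2003-08-23T19:30:00+00:00 10.0.0.40 http://host.invalid/x",  # Saturday, outside
    "2003-09-12T19:30:00+00:00 10.0.0.23 http://host.invalid/x",  # Friday after cutoff
]

if __name__ == "__main__":
    for line in flag_log_lines(SAMPLE_LOG):
        print(line)
```

Because the worm takes its time from NTP servers rather than the local clock, the windows should be compared against log timestamps normalised to UTC, not against the infected host's own clock.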
Infection
It will install itself into:
%windir%\winppr32.exe
It then adds the following keys to the Windows Registry:
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX" = %windir%\winppr32.exe /sinc
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX" = %windir%\winppr32.exe /sinc
so that it is started when Windows starts.
MyDoom.S
A new variant of the MyDoom worm, Mydoom.S, was found
on August 16th, 2004. The worm spreads like its
previous variants. The worm's file is a PE executable
27136 bytes long, packed with the UPX file compressor.
The unpacked worm's size is about 53 KiB.
System Infection. The worm will attempt
to download an executable from four different
URLs stored within its body. These URLs point to
two different sites (www.richcolour.com and zenandjuice.com).
These sites were shut down by 18th of August,
2004. Mydoom copies itself as the file "winpsd.exe"
to the Windows System directory and creates a startup
key for the copied file in the Windows Registry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"winpsd.exe" = "%WinSysDir%\winlibs.exe"
where %WinSysDir% represents the Windows System folder.
As a result, the worm's file is started every
time Windows starts. The worm creates a mutex
named '43jfds93872'.
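The Run-key entries listed for Sobig.F and for MyDoom.S above can be checked offline against a registry export taken from a suspect machine. The following is an added example, not F-Secure's disinfection tool or code from the original page; it assumes the export has already been decoded to text, and the sample export with its C:\WINDOWS paths is constructed.

```python
import re

# Autostart indicators as listed on this page: (worm, Run value name, file names).
INDICATORS = [
    ("Sobig.F", "trayx", {"winppr32.exe"}),
    ("MyDoom.S", "winpsd.exe", {"winpsd.exe", "winlibs.exe"}),
]
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # string values only


def unescape(text):
    # Undo the .reg escaping of backslashes and double quotes.
    return re.sub(r"\\(.)", r"\1", text)


def scan_reg_export(text):
    """Return (worm, key, value name, data) for Run values matching the indicators."""
    hits, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or not key.lower().endswith(RUN_SUFFIX):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        # Split the command line into path components and arguments.
        tokens = set(re.split(r'[\\/"\s]+', data.lower()))
        for worm, value_name, files in INDICATORS:
            if name.lower() == value_name or tokens & files:
                hits.append((worm, key, name, data))
    return hits


# Constructed export of two Run keys; paths are sample values, not from the page.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrayX"="C:\\WINDOWS\\winppr32.exe /sinc"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"winpsd.exe"="C:\\WINDOWS\\system32\\winlibs.exe"
'''

if __name__ == "__main__":
    for hit in scan_reg_export(SAMPLE_EXPORT):
        print(hit)
```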
Spreading in E-mails. The email-spreading
function will expire on August 20th, 2004. After
this the worm should not send emails any more.
The worm spreads in e-mails. Before spreading
it collects e-mail addresses from the infected
computer. The worm reads the Windows Address Book
file and reads files in the Temporary Internet Files
folders and the Windows System folder.
F-Secure
Internet Security 2004.
Today's challenges
Today viruses spread very rapidly over the Internet,
causing damage to computer users. Home users
are no exception. If you are connected
to the Internet, it is very important to protect
your PC against computer viruses. In addition,
when you are connected to the Internet your computer
is exposed to hackers trying to find "open doors"
in your system. F-Secure Internet Security 2004
includes award-winning antivirus software,
as well as an easy-to-use personal firewall product
that protects your system against break-in attempts
when you are connected to the Internet.
The solution
You can surf on the Internet, open e-mail attachments
and use your computer without fear of virus infections
or hackers. You can also be sure that you are
not sending viruses to others. Just install and
forget, F-Secure Internet Security 2004 will automatically
keep viruses and hackers away from your computer.
Maximum protection for your PC
F-Secure Internet Security 2004 provides the best
protection for your PC against viruses and Internet
attacks. Its superior automated virus detection
technology combined with a pre-configured firewall
ensures that you're protected against Internet-borne
threats.
E-mail scanning
POP3 and SMTP traffic are scanned for viruses,
i.e. you do not have to worry about infected e-mails.
Application Control
You are able to control the applications on the
workstation that can access the Internet. Thus
the users cannot run forbidden applications (such
as peer-to-peer networking) that may allow hackers
and worms to sneak in.
Easy to install and use
F-Secure Internet Security 2004 is extremely easy
to install and use. As the software is highly
automated, you don't have to learn to use it or
understand any complexities of data security.
Install & Forget; Automatically updated over the
Internet
The latest virus definition updates are automatically
downloaded in the background. After installing
F-Secure Internet Security you can safely read
your e-mail and surf the Internet.
Virus News
You will get news about new virus outbreaks delivered
to your computer.
F-Secure Anti-Virus™ 2004.
Today's challenges
An average of eight to 10 new viruses are found
each day and the rate seems to grow. Today viruses
spread very rapidly over the Internet, causing
damage to computer users. Home users are no
exception to this. If you are connected to
the Internet, it is very important to protect
your PC against computer viruses.
The solution
With F-Secure Anti-Virus 2004 you can surf on
the Internet, open e-mail attachments and use
your computer without fear of virus infections.
You can also be sure that you are not sending
viruses to others. Just install and forget, F-Secure
Anti-Virus 2004 will automatically keep viruses
away from your computer.
Best protection for your PC
With its superior virus detection technology combined
with a fast and automated updating mechanism,
your PC is protected within a few hours after
a new virus has been found in the world. Among
antivirus vendors, F-Secure is often the fastest
to respond to new virus threats.
E-mail scanning
POP3 and SMTP traffic are scanned for viruses,
i.e. you do not have to worry about infected e-mails.
Easy to install and use.
F-Secure Anti-Virus 2004 is extremely easy to
install and use. As the software is highly automated,
you don't have to learn to use it or understand
any complexities of data security.
Install & Forget; Automatically updated over the
Internet.
The latest virus definition updates are automatically
downloaded in the background. After installing
F-Secure Anti-Virus 2004 you can safely read your
email and surf the Internet.
Virus News.
You will get news about new virus outbreaks delivered
to your computer.
F-Secure Anti-Virus
Client Security
Traditional antivirus is not enough today:
The common belief is that the combination of network
firewall and antivirus software on servers, desktops
and laptops is good enough. However, this is no
longer true. Protecting against these new forms
of attack requires a firewall to be integrated
within the antivirus software on each individual
computer in any company.
The Solution:
F-Secure Anti-Virus Client Security offers protection
against new breeds of threats. The centrally managed
and easy-to-use solution consists of tightly integrated
virus protection, proactive personal firewall,
intrusion prevention and application control software
for company desktop and laptop computers.
Automatic Real-Time Antivirus Protection
Viruses and malicious code attacking via e-mail,
the web, floppy disks and CD-ROMs are automatically
stopped in real-time. The scanning of POP3 and
SMTP mail traffic ensures that no viruses are
sent out or received through e-mail. To ease installation,
the software searches for other, potentially conflicting
antivirus programs and automatically removes them
during installation.
Automatic Virus Definition Updates and Fail-Over
Virus definition databases are transparently and
automatically updated typically 1-2 times per
day with minimal bandwidth use. The fail-over
feature ensures that antivirus software will get
the latest cure against new viruses even if the
primary delivery server is unreachable. Furthermore,
virus removal tools can be distributed with virus
definition updates.
Integrated Desktop Firewall with Intrusion Prevention
The integrated desktop firewall with stateful
inspection provides robust monitoring and filtering
of Internet traffic, preventing unauthorized access
to the workstations over the network, and hides
the workstation from Internet hackers and network
worms. The software also analyzes Internet traffic
and automatically detects and blocks suspicious
network traffic.
Application Control
The network administrator is able to centrally
control, from one location, the applications on
the workstations that are allowed to access the
Internet. Thus the end-users cannot run forbidden
applications (such as peer-to-peer networking)
that may allow hackers and worms to sneak in.
Comprehensive Central Management and Reporting
With F-Secure Policy Manager (software included
in the license), the network administrator can,
from one central location, remotely install, configure
and monitor the software. The administrator can
lock the end-user interface and settings, and
thereby prevent bypassing of the protection.
The software can also generate extensive reports
including security alerts, virus infection rates,
virus definition database dates etc. The reports
and settings can be adjusted at the network, security
domain or individual host level.
F-Secure Internet Security 2004 (#510089)
F-Secure Anti-Virus 2004 (#513866)
F-Secure Anti-Virus Client Security (#517769)