www.whizpr.nlwww.marcommit.nlProgressCommunications.eu
ProgressCommunications.euINFLUX PRwww.whizpr.nl

Volg ook via:
Datum: (23 jaar en 51 dagen geleden)
Bedrijf:

Panda Software recommends users to stay on their guard against Sobig.C

  • It is the new variant of Sobig and Sobig.B worms, appeared last 19th May. They infected numerous corporate environments
  • As the previous versions, Sobig.C has it own SMTP engine to distribute itself through e-mail. It makes that worm so dangerous

MADRID, June, 1st, 2003

Panda Software recommends users to stay on their guard against the appearing of the new worm Sobig.C. The international technical support had receiving some incidents caused by this new malicious code. Its prebious versions, Sobig and Sobig.B, infected numerous corporate environments in just few hours. For this reason, and to avoid being affected by this new worm, the company recommends to all customers to update their antivirus on www.pandasoftware.com/download/updates, or install the protection as soon as possible if they don’t have it yet.

Sobig.C has been developed in Microsoft Visual C++. It affects Win9x, ME, NT, 2000 and XP systems and has a size of 59.211 Bytes (compressed by UPX).
The new worm Sobig.C, as th eprevious versions, can distribute itself thanks to it own SMTP engine. Sobig.C spreads via e-mail, using its own SMTP engine, to all addresses it finds in the affected computer in files with the following extensions: .TXE, .EML, .HTM*, .DBX, and .WAB..

The ‘From’ field in the e-mail that carries the worm displays different address extracted from the computed affected. It uses the “Social engineering” as it comes from a known addresses and try to mislead users.
The message subject is variable, and could include any of the following: 
Re: 45443-343556
Re: Approved
Approved
Re: Movie
Re: Your application
Re:Application
Re: Submited (004756-3463)

The name of the attached file that actually contains Sobig.C is also variable, and could be:
Screensaver.scr
movie.pif
submited.pif
45443.pif
approved.pif
application.pif
document.pif
documents.pif

The message body has only one sentence: “Please, see the attached file.”
Once installed in the computer, the worm tries to copy itself in the following network address, if available:

  • \Documents and Settings\All Users\Start Menu\Programs\Startup\
  • \Windows\All Users\Start Menu\Programs\Startup\

When executed, the worm copies in the folder %windir% a file called “mscvb32.exe”, containing the worm code and creates another file called msddr.dat.
In addition, Sobig.C adds the following registry entries to get control of the system on each reboot:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
System MScvb = %windir%\mscvb32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
System MScvb = %windir%\mscvb32.exe (donde %WinDir% es el directorio de Windows por defecto, por ejemplo, Winnt o Windows).

All Panda Software customers can Update their antivirus because the signature file update is available. To all the users without any antivirus protection, they can use on line Panda ActiveScan for free, in www.pandasoftware.com or download any Panda Antivirus trial version  in www.pandasoftware.com/download

About Panda Software's virus laboratory
 
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.

For more information:
Yolanda Ruiz
yruiz@pandasoftware.es
Tel. +34 91 806 37 00


Verstreken tijd: 23 jaar en 51 dagen
Panda Security contact  

+31 183 69 90 20
www.pandasecurity.com

Marcommit is hét full service B2B marketing bureau van Nederland! Wij helpen jouw bedrijf met offline en online marketing campagnes die écht werken.
 Spotlight  
Logo Productowner.nl
Logo ZAMKO
Logo Innvolve
Logo ClickPatrol
Logo NetRom Software
Logo RAVI RYAN MOHANLAL
Logo BTG
Logo NHA Opleidingen
Logo Polly.Help
Logo MI Consultancy
Logo Incentro
Logo Stromma Nederland
Logo Fairbanks
Logo Valid
Logo Westpoort
Logo DNA Services B.V.
Logo PQR
Logo Web Wings
Logo Spryng
Logo We talk SEO B.V.
Logo Victoria ID
Logo DNA Services B.V.
Logo Twenty Four Webvertising
Logo Web Wings
Logo Web Wings
Logo BusinessCom
Logo Msafe
Logo SCOS ViaCloud BV
Logo Keuze.nl BV
Logo Spryng
Logo Red Hat
Logo HCC
Logo Xebia
Logo Unit4
Logo reichelt elektronik
Logo Conclusion
Logo Schneider Electric
Logo Proofpoint
Logo PQR
Logo KnowBe4
Logo Web Wings
Logo Schneider Electric
Logo Learned
Logo Red Hat
Logo Veeam Software
TARIEVEN
Publicatie eenmalig €49

PUBLICATIEBUNDELS
6 voor €199
12 voor €349
Onbeperkt €499

EENMALIG PLAATSEN
Persbericht aanleveren

REGELMATIG PLAATSEN
Bedrijfsabonnement
CONTACT
Persberichten.com
JMInternet
Kuyperstraat 48
7942 BR Meppel
Nederland
info@persberichten.com
KvK 54178096

VOLGEN
@ICTBERICHTEN

ZOEKEN
IT bedrijf
IT PR-bureau
OVER ONS
Persberichten.com, hét platform voor IT/Tech persberichten

DATABASE
103950 persberichten
7050 bedrijfsprofielen
60 PR-bureauprofielen
17601 tags

KENMERKEN
• Behouden tekstopmaak
• Foto/illustratie/logo
• Downloadbare bijlages
• Profiel met socials
 
www.whizpr.nlwww.marcommit.nlProgressCommunications.eu
INFLUX PRINFLUX PRProgressCommunications.eu