Wednesday, January 04, 2006

Slowing down the Sober worm

The numerous variants of the Sober worm include a nasty feature: the worm has its own SMTP engine, so if it infects even one machine it will begin sending out copies of itself via SMTP. Many times over the last few months, I have heard of situations where one or two machines on a network did not have proper virus protection installed and thus were sending out Sober variants to the world.

One suggestion to help slow down Sober and worms like this: block outbound SMTP on your firewall so that only authorized servers (your SMTP gateways or Exchange servers) can send outbound SMTP. This is a pretty simple thing to block and IMHO should be done on ALL networks.
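One way to express the rule suggested above is sketched below. It is an added example, not part of the original post, and it assumes a Linux gateway that filters forwarded traffic with iptables. The interface name `eth0`, the relay addresses and the function names are constructed placeholders.

```shell
#!/bin/sh
# Dry run: prints iptables commands for review; nothing is applied.
# Assumed/constructed values: interface eth0, relays 10.0.0.25 and 10.0.0.26.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# smtp_egress_rules WAN_IF RELAY_IP...: print the egress policy in order.
smtp_egress_rules() {
    [ "$#" -ge 2 ] || { echo "usage: smtp_egress_rules WAN_IF RELAY_IP..." >&2; return 2; }
    wan_if=$1; shift
    case "$wan_if" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $wan_if" >&2; return 1 ;;
    esac
    # Validate every relay first so a typo cannot yield a partial policy.
    for relay in "$@"; do
        is_ipv4 "$relay" || { echo "not an IPv4 address: $relay" >&2; return 1; }
    done
    match="-A FORWARD -o $wan_if -p tcp --dport 25"
    # 1. Authorized mail servers may open outbound SMTP connections.
    for relay in "$@"; do
        echo "iptables $match -s $relay -j ACCEPT"
    done
    # 2. Log other attempts (rate-limited): the source is a host to check.
    echo "iptables $match -m limit --limit 6/min -j LOG --log-prefix \"SMTP-EGRESS-DENY: \""
    # 3. Refuse everything else bound for TCP/25.
    echo "iptables $match -j REJECT --reject-with tcp-reset"
}

smtp_egress_rules eth0 10.0.0.25 10.0.0.26
```

Rule order matters: the ACCEPT lines for the mail servers must come before the LOG and REJECT lines. The logged source addresses are the machines to check for infection.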


