W32.Sobig.2 mm and TDS-3

Discussion in 'Trojan Defence Suite' started by richrf, Jan 12, 2004.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Joined: Dec 11, 2003
    Posts: 1,907

    Hi,

    I just purchased the DiamondCS package and I think they are all wonderful products. So first I would like to say thank you for the products and your very valuable past support. :)

    I have a question regarding a copy of W32.Sobig.F that was able to enter into my machine.

    I run NAV and Wormguard at startup and I access my email from Yahoo via the Yahoo Web-based service with Netscape Navigator 7.1.

    Today, I ran TDS-3 as regular maintenance and it reported no problems. I then ran Norton Virus Scan with the latest updates and it reported that a copy of W32.Sobig.F was found in my Mozilla Cache as application.pif and it deleted it. I have two questions:

    1) Is this the type of virus that TDS-3 should be catching?

    2) How was this application.pif file able to get through if I am accessing all of my files via the Navigator Web Browser?

    I greatly appreciate any information that you can provide to me.

    Sincerely,
    Rich
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002
    Posts: 2,080
    Location: Perth, Western Australia

    Hi,

    Generally Wormguard can help to stop a worm getting past your defences, but newer worms are proving harder to stop. The new version of Wormguard has been designed with recent attacks in mind and will be able to unpack some compressors to help its cause.

    TDS should detect the common worms; we do add detection for any we can when we receive them. If you still have a copy of this one, please send it in. Sobig.F is a variant which is covered by TDS, so perhaps it is a further variant which was repackaged by the author.
     