CSE Customer Support
  Home     Forum     GuestBook  
Register   Login  
Menu
   > Home  Home
   > Forum  Forum
   > Win9x Rec-Disks  Win9x Rec-Disks
   > Anti-Virus  Anti-Virus
   > Software Trials  Software Trials
   > Drivers  Drivers
   > Launch Scripts  Launch Scripts
   > Downloads  Downloads
   > Tutorials  Tutorials
   > GuestBook  GuestBook

Site Stats
People Online:  9
Membership
Site Memberships: 168
Newest Member: smrt
Page Rank
PageRank
Hit Counter
310278 Visitors
Since Feb. 3, 2004

Site Scheme


Current: Invision

Web Search
Google™




External Support
[Image]
support.microsoft.com
 
 
[Image]
support.intel.com
 

support.veritas.com
 
[Image]
support.hp.com

[Image]
Ver7.5       Ver8.0
   News:
Critcal Security Bulletin   ::   VIRUS ALERT: RBot-NN and SDBot-OY Worms   ::   Bett 2004 - CSE Launches the CSE Network Toolkit   ::   Major collaboration with Junglebyte PTE of Singapore announced by CSE   ::   CSE Launches new range of IP based CCTV systems   ::   CSE announces joint sales venture with Junglebyte PTE

Home - News

VIRUS ALERT: RBot-NN and SDBot-OY Worms
 Publish Date : 09/09/2004 13:14:00   Source : Tony Saxby, CSE Technical Support

Nicely timed for the start of the new school term are a couple of rather nasty worms ready to infect your systems. While the payload of these worms is classified by Sophos as mild to moderate - they can and do generate significant network traffic. The result is extreamly poor network performance. So if you network has started to go slow you may need to check that you are not infected.

We have one instance of a NetWare server being bombarded with so much IP traffic that the server ran out of recieve buffers and stopped working!

The Sophos IDE's for these were released between the 8th and 9th of September and those who are using Sophos Enterprise Manager should now be protected from infection. But those who manually update their IDE files should visit the Sophos website and download the very latest IDE files and install them on the server.

If you are infected with these worms, you need to remove them using the procedure outlined in the various Sophos alerts. I have included links for these below.

As with most worms, leaving just one infected macine active on you network, can result in rapid re-infection of a system if it is left unprotected. So as a priority get the server and the central IDE files updated as soon as possible. Then make sure that the updated IDE's are rolled out to the stations. This will prevent the worm re-infecting your workstations.

This is an oportune moment to remind all Network administrators of the importance of making sure that all of the Sophos IDE's are upto date on your systems. Sophos EM users should check the system every day to make sure that the scheduled library downloads are happening and that there are no errors being reported. Users who do the Sophos upgrades manually should not rely on the disks that Sophos sends each month. Rather you need to make sure that your IDE files are updated on a d daily basis.

Sophos Links

Sdbot-oy (9th sept) http://www.sophos.com/virusinfo/analyses/w32sdbotoy.html

Rbot-io (8th sept) http://www.sophos.com/virusinfo/analyses/w32rbotio.html

Rbot-il (8th sept) http://www.sophos.com/virusinfo/analyses/w32rbotil.html

Rbot-ik (8th sept) http://www.sophos.com/virusinfo/analyses/w32rbotik.html

Sdbot-ov (7th sept) http://www.sophos.com/virusinfo/analyses/w32sdbotov.html

Sophos IDE Download page http://www.sophos.com/downloads/ide/

Article Written by Tony Saxby, CSE Ltd Technical Support

Home - News
* Webmaster |  ©2004 CSE Customer Support |  Site Launched: Feb. 3, 2004