[Dshield] "Important information on the Sobig virus" from Adelphia

Michael Machnica brainwave at adelphia.net
Fri Aug 22 15:26:36 GMT 2003


Untitled DocumentI just received this from Adelphia, one for each of my e-mail accounts. I don't know why it has a 6pm time, though. This is their 3rd mailing in the past week with security information for their customers.

Michael

----- Original Message ----- 
From: Adelphia Advanced Products Customer Care 
To: Power Link Subscriber 
Sent: Friday, August 22, 2003 6:00 PM
Subject: "Important information on the Sobig virus"


Dear Adelphia High-Speed Internet Customer, 
As you may be aware, Adelphia is currently taking steps to minimize the spread of two new viruses: the Nachi/Welchia Worm, a new version of the recent Blaster Worm virus that has been attacking Microsoft operating systems, and the Sobig.f virus, a mass-mailing type of virus that arrives as an e-mail attachment. 

Nachi/Welchia Worm
Special tools for removing the Nachi/Welchia worm from your PC can be found at the following links:

http://us.mcafee.com/virusInfo/default.asp?id=nachi#removal_instructions

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html#removalinstructions

http://www.sophos.com/virusinfo/analyses/w32nachia.html

To prevent re-infection of your PC, we recommend our customers take the following actions:

1. Install the patches released by Microsoft to repair the vulnerability. These patches can be found at:
http://windowsupdate.microsoft.com

2. Install anti-virus software on your PC or, if you have already done so, update the software to the most up-to-date virus definitions

3. Install a firewall to help prevent unauthorized access to your PC

Sobig.f Virus
When activated, the Sobig.f virus infects a PC and then further spreads by sending emails to all email addresses found within the email address book on this infected PC . The virus does this using its own mail server that is part of the virus. When the virus sends an e-mail it falsifies the "from:" field using one of the addresses harvested from the address book. This makes it appear that the virus was sent from someone else rather than the infected machine.

Further information on this virus can be found at the following links:

http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=sobig

http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

http://www.sophos.com/virusinfo/analyses/w32sobigf.html


These viruses have impacted Adelphia's network as well as the networks of other internet service providers. You may be noticing slow speeds, frequent disconnections or no connection at all. We are working to stabilize our network quickly and appreciate your patience and understanding throughout this process.

In order to continue stabilizing our network, Adelphia will be taking additional measures that will impact a small percentage of Power Link customers that use ping commands. Low-level pings will be blocked for an undetermined amount of time. If you use pings, you may not be able to ping anything outside the Adelphia network while this block is in place. This will only affect the small percentage of Power Link customers who use pings. As soon as the spread of the worm is under control and our network is stabilized, we will remove this block. We regret to have to put this block into effect, but it is crucial to stabilize the network and reduce the number of requests currently flooding our system due to the virus.


Further information regarding viruses and online security can be found on Adelphia's eSafety page at http://www.adelphia.com/esafety 

Please be assured that Adelphia is taking all possible measures to prevent the virus from impacting the Power Link network.

Thank you,

Adelphia Communications



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/03



More information about the list mailing list