Not another Computer Virus!!

WORM_MSBLAST.A and WORM_SOBIG.F hit internet users hard.

COMNEXIA Press Release / Atlanta, Georgia / September 1, 2003

August was a big battle month for most corporate users fighting the latest internet-borne malicious code. WORM_MSBLAST.A and WORM_SOBIG.F (nicknamed MS Blaster and SOBIG.F) rattled IT infrastructures in epic proportions.

WORM_MSBLAST.A - At COMNEXIA, we took the sting out of MS Blaster for our customers by always recommending a standard firewall appliance. COMNEXIA networks that had this appliance suffered little to no downtime due to this worm. The worm exploits a vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface that allows an attacker to gain full access and execute any code on a target machine, leaving it compromised. Since the worm propagates over a specific port, IP port 135, our firewall appliance blocked its entry into the network.

WORM_SOBIG.F - This worm propagates by mass-mailing copies of itself using its own Simple Mail Transfer Protocol (SMTP) engine. It collects email addresses from files with the following extensions:

  • .DBX
  • .HLP
  • .MHT
  • .WAB
  • .HTML
  • .HTM
  • .TXT
  • .EML

The sheer volume of email generated by this virus clogged ISP routers to the point at which small businesses with slower internet upstreams (such as dial-in, ISDN, DSL) could in most cases not function over the internet at all. The unique vulnerability that this virus brought to reality allowed workstations totally outside of a corporate computer network to team up and attack a specific network. In most cases this attack was simply the result of an out-of-network workstation using email addresses stored in one of the above-mentioned file formats on a compromised workstation. Corporations that have outside sales staff or remote locations routinely have their entire global email address list stored on systems outside the corporate network. As these systems were infected, a major SMTP broadcast attack would ensue.

The COMNEXIA team took a unique approach to stopping these types of attacks. Our team of technicians helped a customer tech contact at each location isolate the source IP address of each email attack. At the core router level, COMNEXIA then turned off all access for that specific infected user. When the user's system was determined to be clean and healthy, we removed the IP block.

About COMNEXIA: COMNEXIA provides outsourced IT support and cutting-edge solutions. COMNEXIA optimizes and customizes computer networks and specializes in Business Continuity, which ensures that networks are cost-efficient, always on, and safe. Headquartered in Atlanta, Ga., COMNEXIA partners with elite organizations like Dell, Hewlett Packard, Microsoft, Sage and Symantec to provide a uniquely comprehensive and innovative list of products and services, covering the gamut of IT needs. For more information on COMNEXIA, visit our web site at