
New SoBig.F variant targets Time Warner Telecom

Wednesday 27 August 2003, 12:26 by Editors, 2 comments

Romanian researchers claim to have discovered a new variant of the SoBig.F virus that looks up mail and domain name servers of Time Warner Telecom in order to change its behaviour. The first SoBig.F virus contained an encrypted list of IP addresses of 20 servers. At a set time the virus tried to contact a server, continuing until one answered with the URL of a file, which the virus would then download and execute. Last week anti-virus developers managed to shut down the 20 servers the virus was looking for. It now appears that the virus contains a new list of servers. (PCworld)

Update: The report has since been retracted, as an observant reader has noted.

Comments (2)
27-08-2003, 14:37 by Anonymous
That press release has already been retracted by Bitdefender. It was probably based on unsound research.

Possibly an address for a particular domain was present on the lab computer, for which the virus performed a simple lookup.

This is the original (now removed) press release:

http://www.bitdefender.com/bd/site/presscenter.php?menu_id=23&n_id=37

Sobig.F to access AOL Time Warner server for information

Bucharest, 25.08.2003
BitDefender specialists today reveal hidden, encrypted information from the Sobig.F virus body, claiming that the virus looks for information on a server in the USA. The information encloses an Internet address, from which the virus downloads and executes a file on the infected system.

"Apart from the twenty servers from which the worm tries to download its Trojan executable, the variant of the SoBig virus analysed by the BitDefender team also includes encrypted information about 7 (seven) URLs, all of them belonging to a US-based ISP - Time Warner Telecom", says Mihai Chiriac, BitDefender Virus Researcher. "The code is quite straight-forward and accurately indicates that the virus asks for information at this address, waits for the answer and then runs the downloaded file on the infected host. As for the moment, there is no information at any of these addresses, we can't predict the code's effects", Mihai concluded.

The virus contains the following Internet addresses, currently in possession of Time Warner Telecom - an independently owned and operated company:

mx1.mail.twtelecom.net
mx2.mail.twtelecom.net
ns1.orng.twtelecom.net
ns1.snan.twtelecom.net
ns1.iplt.twtelecom.net
ns1.milw.twtelecom.net
ns1.nycl.twtelecom.net

AOL Time Warner owns approximately 43.9 percent of Time Warner Telecom's outstanding stock.

BitDefender antidote against Sobig.F virus is available for free.

For more details, please contact us or see the technical description.

All BitDefender users are protected against the new threats since this morning (August 19, 2003).
For a permanent protection, BitDefender Antivirus commercial solutions are available for sale on the Internet or at local distributors and start from USD 29.95.


* * *

About SOFTWIN
Founded in 1990, SOFTWIN is a leading provider of PC anti-virus software and computer security services. The company has developed and applied cutting-edge technologies in over 3500 software applications and data conversion projects for Fortune 500 companies in the United States and Europe. BitDefender™, its flagship product, is only the third product of its kind in the world to receive ICSA certification for Windows XP and the first to be awarded for groundbreaking innovation by the European Commission and Academies. SOFTWIN is headquartered in Bucharest, Romania, and employs more than 450.
Company Website: http://www.softwin.ro

About BitDefender
The mission of SOFTWIN's Data Security Division is to ensure the protection of systems against computer viruses, to do antivirus research, to develop new technologies for monitoring all possible ways to infect a system and, last but not least, to educate the IT public of the danger of computer viruses. Launched as a new brand in November 2001, BitDefender™ now provides security solutions to satisfy the protection requirements of today's business environment, enabling management of all complex threats that endanger a network, from a small local area to large multi-server, multi-platform WANs.
Website: http://www.bitdefender.com

BitDefender and the BitDefender logo are trademarks or registered trademarks, in the United States and certain other countries, of SOFTWIN SRL, Romania. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.
28-08-2003, 02:13 by Anonymous
Yes, but then you should also retract the report yourselves, security.nl editors...