Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]

From: Jonathan Maltz [MS-MVP] (jmaltz_at_mvps.org)
Date: 08/23/03 

Date: Sat, 23 Aug 2003 10:07:33 -0400

They have a balloon that says "we downloaded updates now click to install
them" already by default. If they just sporadically rebooted users
machines, then they'd be yelled at, and it seems if they _don't_ reboot
user's machines, then they get screamed at as well, catch 22 

-- 
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.imbored.biz - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup.  If I see an email I didn't ask for, it will be
deleted without reading.
"svaardt" <svaardt@H0TMA1L.C0M> wrote in message
news:OrlDb4XaDHA.1748@TK2MSFTNGP12.phx.gbl...
> It's a pity Microsoft couldnt post a patch for their OS's to include
better
> security by default or to make it simpler for an end-user to enable
> security.
>
> perhaps Something like:
>
> Enable Security:
> * I know nothing of security do it for me:
>       This machine is :
>          * a standalone machine connected to the Internet
>          * connects directly to the internet and to one of more of my home
> machines
>
> * I have a medium level of knowledge about security
>     ...
>
> * I  am a security expert let me change all items
>     ...
>
>
>
>
> "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message
> news:OdK7vbXaDHA.2648@TK2MSFTNGP09.phx.gbl...
> > If every user had a good firewall and AV, then this, and many other,
worms
> > wouldn't spread.  In this case, it connected to other servers (well, it
> was
> > supposed to) so a good firewall would've blocked that.  In the case of
> > Blaster, that spread by connecting to other computers, so that would've
> been
> > stopped as well
> >
> > -- 
> > --Jonathan Maltz [Microsoft MVP - Windows Server]
> > http://www.imbored.biz - A Windows Server 2003 visual, step-by-step
> > tutorial site :-)
> > Only reply by newsgroup.  If I see an email I didn't ask for, it will be
> > deleted without reading.
> >
> >
> > "Ogre" <Ogre@hotmail.com> wrote in message
> > news:VYI1b.418$XB.6@news-binary.blueyonder.co.uk...
> > > I wonder how bad this problem would be if the majority of home users
> > > installed a firewall program or some kind of layered defence. I was
> > talking
> > > to a DSL user the other night and I asked him what firewall he was
> using,
> > he
> > > replied ''What is a firewall?''
> > >
> > > From what I can see the worm needs unrestricted access to the TCP/UDP
> > > communication Ports, access to the important Run sections of the
> Registry
> > > and it needs to be able to execute a foreign program on the infected
> host.
> > > Would this worm be successful if a user was running a properly
> configured
> > > firewall ? would it be able to add itself to the Registry Run sections
> if
> > > the user was running a program which monitored these sections ?
(Regprot
> > or
> > > GuardDog)
> > >
> > > Could the worm execute if the user was running a program such as
> Abtrusion
> > > Protector or System Safety Monitor (free). Both of these programs
alert
> > the
> > > user upon unauthorised programs trying to execute.
> > >
> > > I think these increasing worm attacks will always be effective as long
> as
> > > the (majority) home user is unaware of the importance of computer
> security
> > > and a layered defence. If I understand right, SoBig.F requires the
user
> to
> > > click on an unknown attachment in their email in order to be able to
> > > execute/infect. Regardless of Anti-Virus updates or patches, these
> attacks
> > > will always be successful unless the average user does something about
> it.
> > I
> > > think proactive solutions such as sandboxing (ww.finjan.com) could be
> more
> > > effective than reactive solutions such as AntiVirus.
> > >
> > >
> > >
> > >
> > > "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message
> > > news:uIhWhCTaDHA.656@tk2msftngp13.phx.gbl...
> > > > Oh.  :-/
> > > >
> > > > --
> > > > --Jonathan Maltz [Microsoft MVP - Windows Server]
> > > > http://www.imbored.biz - A Windows Server 2003 visual, step-by-step
> > > > tutorial site :-)
> > > > Only reply by newsgroup.  If I see an email I didn't ask for, it
will
> be
> > > > deleted without reading.
> > > >
> > > >
> > > > "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
> > > > news:u1htGzSaDHA.2932@tk2msftngp13.phx.gbl...
> > > > > Right--the present sobig-F will have another go on Sunday.
However,
> > the
> > > > > present sobig version apparently dies on 9/10, and past experience
> > leads
> > > > > experts to expect a replacement.......
> > > > >
> > > > > "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message
> > > > > news:uW7YcpSaDHA.1832@TK2MSFTNGP09.phx.gbl...
> > > > > > According to Karl's original announcement it should be Sunday,
no?
> > > > > >
> > > > > > --
> > > > > > --Jonathan Maltz [Microsoft MVP - Windows Server]
> > > > > > http://www.imbored.biz - A Windows Server 2003 visual,
> step-by-step
> > > > > > tutorial site :-)
> > > > > > Only reply by newsgroup.  If I see an email I didn't ask for, it
> > will
> > > be
> > > > > > deleted without reading.
> > > > > >
> > > > > >
> > > > > > "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in
> message
> > > > > > news:OlvomfSaDHA.2308@TK2MSFTNGP12.phx.gbl...
> > > > > > > I'm not sure I have all the details right, but it's clear that
> > > whoever
> > > > > is
> > > > > > > behind this isn't done yet.  There may be more to come from
this
> > > > > > iteration,
> > > > > > > and most folks are predicting another iteration on September
> 11th.
> > > > > > >
> > > > > > > "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message
> > > > > > > news:eatrIDSaDHA.1872@TK2MSFTNGP12.phx.gbl...
> > > > > > > > Ah, I see...heh
> > > > > > > >
> > > > > > > > Thanks for the info
> > > > > > > >
> > > > > > > > --
> > > > > > > > --Jonathan Maltz [Microsoft MVP - Windows Server]
> > > > > > > > http://www.imbored.biz - A Windows Server 2003 visual,
> > > step-by-step
> > > > > > > > tutorial site :-)
> > > > > > > > Only reply by newsgroup.  If I see an email I didn't ask
for,
> it
> > > > will
> > > > > be
> > > > > > > > deleted without reading.
> > > > > > > >
> > > > > > > >
> > > > > > > > "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in
> > > message
> > > > > > > > news:ug5NyuRaDHA.2344@TK2MSFTNGP09.phx.gbl...
> > > > > > > > > nah - what the worm was to get from the 20 machines was a
> > > pointer
> > > > to
> > > > > > > > another
> > > > > > > > > machine.  It never happened--the 20 machines were left
> > pointing
> > > to
> > > > a
> > > > > > > porn
> > > > > > > > > site.
> > > > > > > > >
> > > > > > > > > "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in
message
> > > > > > > > > news:u$3gfURaDHA.2136@TK2MSFTNGP10.phx.gbl...
> > > > > > > > > > Anyone find out what this mystery EXE is?
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > --Jonathan Maltz [Microsoft MVP - Windows Server]
> > > > > > > > > > http://www.imbored.biz - A Windows Server 2003 visual,
> > > > > step-by-step
> > > > > > > > > > tutorial site :-)
> > > > > > > > > > Only reply by newsgroup.  If I see an email I didn't ask
> > for,
> > > it
> > > > > > will
> > > > > > > be
> > > > > > > > > > deleted without reading.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > "Karl Levinson [x y] mvp" <levinson_k@despammed.com>
wrote
> > in
> > > > > > message
> > > > > > > > > > news:eUHy2KNaDHA.1492@TK2MSFTNGP12.phx.gbl...
> > > > > > > > > > >
> > > > > > > > > > > Relatively new information about the Sobig.F worm
> activity
> > > > > > happening
> > > > > > > > > > TODAY:
> > > > > > > > > > >
> > > > > > > > > > > Around 3:00pm to 6:00pm today EST, Friday 22 August
2003
> > and
> > > > > > Sunday
> > > > > > > 24
> > > > > > > > > > > August 2003, computers that are currently infected
with
> > the
> > > > > > Sobig.F
> > > > > > > > worm
> > > > > > > > > > > will be directed by the worm to connect to the
Internet
> > and
> > > > then
> > > > > > > > > download
> > > > > > > > > > > and run a mystery program.
> > > > > > > > > > >
> > > > > > > > > > > No one knows what this program will do.  AFAIK, the
> virus
> > > > > authors
> > > > > > > are
> > > > > > > > > not
> > > > > > > > > > > making the download executable available until the
> attack
> > > > > begins.
> > > > > > > > > > >
> > > > > > > > > > > Antivirus updates downloaded August 19 or later should
> > > detect
> > > > > > > Sobig.F.
> > > > > > > > > > >
> > > > > > > > > > > The Sobig.F worm is believed to use the ports UDP 8998
> as
> > > well
> > > > > as
> > > > > > > 995
> > > > > > > > > > > through 999 UDP [the former for command and control
> > outbound
> > > > > from
> > > > > > > the
> > > > > > > > > > > infected device possibly involving the "master
servers,"
> > the
> > > > > > others
> > > > > > > > > opened
> > > > > > > > > > > and listening inbound on the infected workstation].
> > > > > > > > > > >
> > > > > > > > > > > There is a list of the host names and IP addresses the
> > ones
> > > > the
> > > > > > worm
> > > > > > > > > will
> > > > > > > > > > > attempt to download from, but this list is not yet
> public
> > > > > > > information
> > > > > > > > as
> > > > > > > > > > far
> > > > > > > > > > > as I know.  Reportedly it may be on
> www.google.com/groups,
> > > but
> > > > I
> > > > > > > > didn't
> > > > > > > > > > see
> > > > > > > > > > > it when I searched.
> > > > > > > > > > >
> > > > > > > > > > > Sobig.F infected machines may be using UDP port 123
> [NTP]
> > to
> > > > > check
> > > > > > > the
> > > > > > > > > > time
> > > > > > > > > > > once per hour from one of the time servers below:
> > > > > > > > > > >
> > > > > > > > > > >  200.68.60.246
> > > > > > > > > > >  62.119.40.98
> > > > > > > > > > >  150.254.183.15
> > > > > > > > > > >  132.181.12.13
> > > > > > > > > > >  193.79.237.14
> > > > > > > > > > >  131.188.3.222
> > > > > > > > > > >  131.188.3.220
> > > > > > > > > > >  193.5.216.14
> > > > > > > > > > >  193.67.79.202
> > > > > > > > > > >  133.100.11.8
> > > > > > > > > > >  193.204.114.232
> > > > > > > > > > >  138.96.64.10
> > > > > > > > > > >  chronos.cru.fr
> > > > > > > > > > >  212.242.86.186
> > > > > > > > > > >  128.233.3.101
> > > > > > > > > > >  142.3.100.2
> > > > > > > > > > >  200.19.119.69
> > > > > > > > > > >  137.92.140.80
> > > > > > > > > > >  129.132.2.21
> > > > > > > > > > >
> > > > > > > > > > > A workstation infected with Sobig.F should contain the
> > > > following
> > > > > > > file
> > > > > > > > > and
> > > > > > > > > > > registry entries:
> > > > > > > > > > >
> > > > > > > > > > >  %windir%\winppr32.exe    e.g. c:\winnt\winppr32.exe
> > > > > > > > > > >
> > > > > > > > > > >  [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> > > > > > > > > > >  "TrayX" = %windir%\winppr32.exe /sinc
> > > > > > > > > > >
> > > > > > > > > > >  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> > > > > > > > > > >  "TrayX" = %windir%\winppr32.exe /sinc
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > As new information is discovered about the purpose of
> this
> > > > > mystery
> > > > > > > > > program
> > > > > > > > > > > download, it will be posted at the sites below:
> > > > > > > > > > >
> > > > > > > > > > > http://www.f-secure.com/v-descs/sobig_f.shtml
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
> > > > > > > > > > >
> > > > > > > > > > > Other sites with information:
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
> > > > > > > > > > > &VSect=T
> > > > > > > > > > > http://vil.nai.com/vil/content/v_100561.htm
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > I received this information pretty much only from the
> > > > > F-secure.com
> > > > > > > > > mailing
> > > > > > > > > > > list [though it's corroborated by the Symantec web
site
> as
> > > > > well].
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > From: Sirkia, Jaana [mailto:Jaana.Sirkia@F-Secure.com]
> > > > > > > > > > > Sent: Friday, August 22, 2003 8:38 AM
> > > > > > > > > > > To: press-pr@lists.F-Secure.com;
> > > > > > > > > > > press-english-virus-announcement@lists.F-Secure.com;
> > > > > > > > > > > press-english-technical@lists.F-Secure.com
> > > > > > > > > > > Subject: MEDIA RELEASE:A potentially massive Internet
> > attack
> > > > > > starts
> > > > > > > > > > > today
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > This press release comes from F-Secure. For more
> > > > > > > > > > > information on F-Secure's mailing list policy,
> > > > > > > > > > > see end of message.
> > > > > > > > > > >
> > > > > > > > > > > PRESS RELEASE
> > > > > > > > > > >
> > > > > > > > > > > August 22, 2003
> > > > > > > > > > >
> > > > > > > > > > > A potentially massive Internet attack starts today
> > > > > > > > > > > Sobig.F downloads and executes a mysterious program on
> > > Friday
> > > > at
> > > > > > > 19:00
> > > > > > > > > UTC
> > > > > > > > > > >
> > > > > > > > > > > F-Secure Corporation is warning about a new level of
> > attack
> > > to
> > > > > be
> > > > > > > > > > unleashed
> > > > > > > > > > > by the Sobig.F worm today.
> > > > > > > > > > >
> > > > > > > > > > > Windows e-mail worm Sobig.F, which is currently the
most
> > > > > > widespread
> > > > > > > > worm
> > > > > > > > > > in
> > > > > > > > > > > the world, has created massive e-mail outages globally
> > since
> > > > it
> > > > > > was
> > > > > > > > > found
> > > > > > > > > > on
> > > > > > > > > > > Tuesday the 18th of August - four days ago. The worm
> > spreads
> > > > > > itself
> > > > > > > > via
> > > > > > > > > > > infected e-mail attachments in e-mails with a spoofed
> > sender
> > > > > > > address.
> > > > > > > > > > Total
> > > > > > > > > > > amount of infected e-mails seen in the Internet since
> this
> > > > > attack
> > > > > > > > > started
> > > > > > > > > > is
> > > > > > > > > > > close to 100 million.
> > > > > > > > > > >
> > > > > > > > > > > However, the Sobig.F worm has a surprise attack in its
> > > sleeve.
> > > > > All
> > > > > > > the
> > > > > > > > > > > infected computers are entering a second phase today,
on
> > > > Friday
> > > > > > the
> > > > > > > > 22nd
> > > > > > > > > > of
> > > > > > > > > > > August, 2003. These computers are using atom clocks to
> > > > > synchronize
> > > > > > > the
> > > > > > > > > > > activation to start exactly at the same time around
the
> > > world:
> > > > > at
> > > > > > > > > 19:00:00
> > > > > > > > > > > UTC (12:00 in San Francisco, 20:00 in London, 05:00 on
> > > > Saturday
> > > > > in
> > > > > > > > > > Sydney).
> > > > > > > > > > >
> > > > > > > > > > > On this moment, the worm starts to connect to machines
> > found
> > > > > from
> > > > > > an
> > > > > > > > > > > encrypted list hidden in the virus body. The list
> contains
> > > the
> > > > > > > address
> > > > > > > > > of
> > > > > > > > > > 20
> > > > > > > > > > > computers located in USA, Canada and South Korea.
> > > > > > > > > > >
> > > > > > > > > > > "These 20 machines seem to be typical home PCs,
> connected
> > to
> > > > the
> > > > > > > > > Internet
> > > > > > > > > > > with always-on DSL connections", says Mikko Hypponen,
> > > Director
> > > > > of
> > > > > > > > > > Anti-Virus
> > > > > > > > > > > Research at F-Secure. "Most likely the party behind
> > Sobig.F
> > > > has
> > > > > > > broken
> > > > > > > > > > into
> > > > > > > > > > > these computers and they are now being misused to be
> part
> > of
> > > > > this
> > > > > > > > > attack".
> > > > > > > > > > >
> > > > > > > > > > > The worm connects to one of these 20 servers and
> > > authenticates
> > > > > > > itself
> > > > > > > > > with
> > > > > > > > > > a
> > > > > > > > > > > secret 8-byte code. The servers respond with a web
> > address.
> > > > > > Infected
> > > > > > > > > > > machines
> > > > > > > > > > > download a program from this address - and run it. At
> this
> > > > > moment
> > > > > > it
> > > > > > > > is
> > > > > > > > > > > completely unknown what this mystery program will do.
> > > > > > > > > > >
> > > > > > > > > > > F-Secure has been able to break into this system and
> crack
> > > the
> > > > > > > > > encryption,
> > > > > > > > > > > but currently the web address sent by the servers
> doesn't
> > go
> > > > > > > anywhere.
> > > > > > > > > > "The
> > > > > > > > > > > developers of the virus know that we could download
the
> > > > program
> > > > > > > > > > beforehand,
> > > > > > > > > > > analyse it and come up with countermeasures", says
> > Hypponen.
> > > > "So
> > > > > > > > > > apparently
> > > > > > > > > > > their plan is to change the web address to point to
the
> > > > correct
> > > > > > > > address
> > > > > > > > > or
> > > > > > > > > > > addresses just seconds before the deadline. By the
time
> we
> > > get
> > > > a
> > > > > > > copy
> > > > > > > > of
> > > > > > > > > > the
> > > > > > > > > > > file, the infected computers have already downloaded
and
> > run
> > > > > it".
> > > > > > > > > > >
> > > > > > > > > > > Right now, nobody knows what this program does. It
could
> > do
> > > > > > damage,
> > > > > > > > like
> > > > > > > > > > > deleting files or unleash network attacks. Earlier
> > versions
> > > of
> > > > > > Sobig
> > > > > > > > > have
> > > > > > > > > > > executed similar but simpler routines. With Sobig.E,
the
> > > worm
> > > > > > > > downloaded
> > > > > > > > > a
> > > > > > > > > > > program which removed the virus itself (to hide its
> > tracks),
> > > > and
> > > > > > > then
> > > > > > > > > > > started
> > > > > > > > > > > to steal users network and web passwords. After this
the
> > > worm
> > > > > > > > installed
> > > > > > > > > a
> > > > > > > > > > > hidden email proxy, which has been used by various
> > spammers
> > > to
> > > > > > send
> > > > > > > > > their
> > > > > > > > > > > bulk commercial emails through these machines without
> the
> > > > owners
> > > > > > of
> > > > > > > > the
> > > > > > > > > > > computers knowing anything about it. Sobig.F might do
> > > > something
> > > > > > > > > similar -
> > > > > > > > > > > but
> > > > > > > > > > > we won't know until 19:00 UTC today.
> > > > > > > > > > >
> > > > > > > > > > > "As soon as we were able to crack the encryption used
by
> > the
> > > > > worm
> > > > > > to
> > > > > > > > > hide
> > > > > > > > > > > the
> > > > > > > > > > > list of the 20 machines, we've been trying to close
them
> > > > down",
> > > > > > > > explains
> > > > > > > > > > > Mikko Hypponen. F-Secure has been working with
> officials,
> > > > > > > authorities
> > > > > > > > > and
> > > > > > > > > > > various CERT organizations to disconnect these
machines
> > from
> > > > the
> > > > > > > > > Internet.
> > > > > > > > > > > "Unfortunately, the writers of this virus have been
> > waiting
> > > > for
> > > > > > this
> > > > > > > > > move
> > > > > > > > > > > too." These 20 machines are chosen from the networks
of
> > > > > different
> > > > > > > > > > operators,
> > > > > > > > > > > making it quite likely that there won't be enough time
> to
> > > take
> > > > > > them
> > > > > > > > all
> > > > > > > > > > down
> > > > > > > > > > > by 19:00 UTC. Even if just one stays up, it will be
> enough
> > > for
> > > > > the
> > > > > > > > worm.
> > > > > > > > > > >
> > > > > > > > > > > The advanced techniques used by the worm make it quite
> > > obvious
> > > > > > it's
> > > > > > > > not
> > > > > > > > > > > written by a typical teenage virus writer. The fact
that
> > > > > previous
> > > > > > > > Sobig
> > > > > > > > > > > variants we're used by spammers on a large scale adds
an
> > > > element
> > > > > > of
> > > > > > > > > > > financial
> > > > > > > > > > > gain. Who's behind all this? "Looks like organized
crime
> > to
> > > > me",
> > > > > > > > > comments
> > > > > > > > > > > Mikko Hypponen.
> > > > > > > > > > >
> > > > > > > > > > > F-Secure is monitoring the Sobig.F developments
through
> > the
> > > > > night
> > > > > > on
> > > > > > > > > > Friday
> > > > > > > > > > > the 22nd. Updates will be posted to Sobig.F's virus
> > > > description
> > > > > at
> > > > > > > > > > > http://www.f-secure.com/v-descs/sobig_f.shtml
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > F-Secure Anti-Virus can detect and stop this worm.
> > F-Secure
> > > > > > > Anti-Virus
> > > > > > > > > can
> > > > > > > > > > > be
> > > > > > > > > > > downloaded from http://www.f-secure.com
> > > > > > > > > > >
> > > > > > > > > > > About F-Secure
> > > > > > > > > > >
> > > > > > > > > > > F-Secure Corporation is the leading provider of
> centrally
> > > > > managed
> > > > > > > > > security
> > > > > > > > > > > solutions for the mobile enterprise. The company's
> > > > award-winning
> > > > > > > > > products
> > > > > > > > > > > include antivirus, file encryption and network
security
> > > > > solutions
> > > > > > > for
> > > > > > > > > > major
> > > > > > > > > > > platforms from desktops to servers and from laptops to
> > > > > handhelds.
> > > > > > > > > Founded
> > > > > > > > > > in
> > > > > > > > > > > 1988, F-Secure has been listed on the Helsinki
Exchanges
> > > since
> > > > > > > > November
> > > > > > > > > > > 1999.
> > > > > > > > > > > The company is headquartered in Helsinki, Finland,
with
> > the
> > > > > North
> > > > > > > > > American
> > > > > > > > > > > headquarters in San Jose, California, as well as
offices
> > in
> > > > > > Germany,
> > > > > > > > > > Sweden,
> > > > > > > > > > > Japan and the United Kingdom and regional offices in
the
> > > USA.
> > > > > > > F-Secure
> > > > > > > > > is
> > > > > > > > > > > supported by a network of value added resellers and
> > > > distributors
> > > > > > in
> > > > > > > > over
> > > > > > > > > > 90
> > > > > > > > > > > countries around the globe. Through licening and
> > > distribution
> > > > > > > > > agreements,
> > > > > > > > > > > the
> > > > > > > > > > > company's security applications are available for the
> > > products
> > > > > of
> > > > > > > the
> > > > > > > > > > > leading
> > > > > > > > > > > handheld equipment manufacturers, such as Nokia and
HP.
> > > > > > > > > > >
> > > > > > > > > > > Finland:
> > > > > > > > > > > F-Secure Corporation
> > > > > > > > > > > Mikko Hypponen, Director, Anti-Virus Research
> > > > > > > > > > > PL 24
> > > > > > > > > > > FIN-00181 Helsinki
> > > > > > > > > > > Tel +358 9 2520 5513
> > > > > > > > > > > Fax. +358 9 2520 5001
> > > > > > > > > > > Email Mikko.Hypponen@F-Secure.com
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > For more information, please contact:
> > > > > > > > > > >
> > > > > > > > > > > Media contact in the USA:
> > > > > > > > > > > F-Secure Inc.
> > > > > > > > > > > Heather Deem,
> > > > > > > > > > > 675 N. First Street, 5th Floor
> > > > > > > > > > > San Jose, CA 95112
> > > > > > > > > > > Tel +1 408 350 2178
> > > > > > > > > > > Fax +1 408 938 6701
> > > > > > > > > > > Email Heather.Deem@F-Secure.com
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > http://www.F-Secure.com/
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > Mailing list policy
> > > > > > > > > > >
> > > > > > > > > > > You have previously expressed interest in our
products,
> or
> > > > have
> > > > > > > asked
> > > > > > > > to
> > > > > > > > > > be
> > > > > > > > > > > included on one of our press release lists by
personally
> > > > giving
> > > > > us
> > > > > > > > your
> > > > > > > > > > > e-mail address for this purpose. Our mailing list are
> for
> > > the
> > > > > > > > exclusive
> > > > > > > > > > use
> > > > > > > > > > > and the expressed purpose of F-Secure and are not sold
> or
> > > > given
> > > > > to
> > > > > > > > third
> > > > > > > > > > > parties.
> > > > > > > > > > >
> > > > > > > > > > > If you no longer wish to receive our press releases,
or
> > your
> > > > > email
> > > > > > > > > address
> > > > > > > > > > > has been added to our lists without your consent, you
> can
> > > > > > > unsubscribe
> > > > > > > > at
> > > > > > > > > > > http://www.F-Secure.com/news/subscribe.html
> > > > > > > > > > >
> > > > > > > > > > > If you only wish to receive our press releases
> concerning
> > > > > viruses,
> > > > > > > > > > > please go to
> > > > > > > > > > > http://www.F-Secure.com/news/subscribe.html
> > > > > > > > > > > and first unsubscribe from
> > > > > > > > > > > press-english-interest@lists.F-Secure.com
> > > > > > > > > > > and then subscribe to
> > > > > > > > > > > press-english-virus-announcement@lists.F-Secure.com
> > > > > > > > > > >
> > > > > > > > > > > *****************************************
> > > > > > > > > > > Jaana Sirkiä, Communications Manager
> > > > > > > > > > > F-Secure Corporation
> > > > > > > > > > > PL 24
> > > > > > > > > > > FIN 00181-Helsinki
> > > > > > > > > > > Tel. +358 9 2520 5290
> > > > > > > > > > > Fax +358 9 2520 5018
> > > > > > > > > > > Mobile +358 400 303096
> > > > > > > > > > > http://www.F-Secure.com
> > > > > > > > > > > *******************************************
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages
Quantcast