[Dshield] Sobig watch

Johannes B. Ullrich jullrich at sans.org
Fri Aug 22 22:21:48 GMT 2003


Well, the original update servers are no longer reachable. However,
Sobig has the ability to receive a new list. It is possible that the
author is attempting to do just that. 

If everyone could take a quick look for UDP packets to port 995-999, in
particular if you can get full packet dumps.




-- 
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20030822/4d2b0675/attachment.bin


More information about the list mailing list