[Dshield] FW: [Full-Disclosure] Sobig has a surprise...
jeff-kell at utc.edu
Sat Aug 23 19:56:48 GMT 2003
John D. wrote:
>>All the experts were totally faked out. While everyone was concentrating
>>on getting the "magic 20" machines shut down, no one realized that
>>different copies of Sobig.f had different lists of servers to contact.
I'm seeing lots of 4342/tcp attackers and a slight mix from previous
4444 traffic. Has it mutated again?