[unisog] Sobig-F really big

Joshua Wright Joshua.Wright at jwu.edu
Tue Aug 19 15:38:57 GMT 2003


We too are seeing a rapid increase in filtered messages that are charactistically similar to W32/Sobig.F - subject lines so far include "Re: That movie", "Re: Thank you!" and "Re: Details".

Any ideas on the sudden increase in activity?  9/10/2003 is supposed to be the self-termination date for this variant.

-Joshua Wright
Senior Network and Security Architect
Johnson & Wales University
Joshua.Wright at jwu.edu 
http://home.jwu.edu/jwright/

pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73


> We received the Sophos IDE for Sobig-F at 0706 this morning 
> and started 
> detecting incoming infected emails about three minutes later. 
>  Since then (less 
> than four hours) we have seen 820 infected messages.  McAffee 
> had new IDEs this 
> morning.



More information about the unisog mailing list