[unisog] Sobig Mystery Program

Andy Hooper hooper at post.queensu.ca
Fri Aug 22 17:40:31 GMT 2003


ISS is recommending to log or block udp8998 outbound, while SANS ISC says 
inbound. Outbound makes more sense to me if the goal is to prevent the 
download and detect victims.

http://xforce.iss.net/xforce/alerts/id/151

- Andy Hooper




More information about the unisog mailing list