[unisog] http://www.f-secure.com/news/items/news_2003082200.s html

Jock Rutherford jock.rutherford at sait.ca
Fri Aug 22 18:33:53 GMT 2003




-----Original Message-----
From: Todd Mitchell - lists [mailto:lists at ciphin.com]
Sent: Friday, August 22, 2003 12:13
To: jdawson at flexpop.net; nanog at merit.edu
Subject: RE: Sobig.f surprise attack today



| Jim Dawson
| Sent: Friday, August 22, 2003 2:02 PM
| Subject: Sobig.f surprise attack today
| 
| F-Secure Corporation is warning about a new level of attack to be
| unleashed by the Sobig.F worm today. Supposed to take place at 1900
UTC.
| 
| http://www.f-secure.com/news/items/news_2003082200.shtml


See the following message sent out by X-Force a few hours ago.

Todd

------------------------------------------------------------------------
--

Computers infected with the Sobig.F worm are programmed
to automatically download an executable of unknown function
from a hard-coded list of servers at 19:00 UTC (3:00pm EDT)
X-Force is recommending wholesale outbound filtering of 
the following IP addresses:

67.73.21.6
68.38.159.161
67.9.241.67
66.131.207.81
65.177.240.194
65.93.81.59
65.95.193.138
65.92.186.145
63.250.82.87
65.92.80.218
61.38.187.59
24.210.182.156
24.202.91.43
24.206.75.137
24.197.143.132
12.158.102.205
24.33.66.38
218.147.164.29
12.232.104.221
68.50.208.96

The request method uses UDP port 8998. X-Force also 
recommends that this port be filtered outbound.



-----Original Message-----
From: Ben Compton [mailto:Ben.Compton at sw.edu]
Sent: Friday, August 22, 2003 11:13
To: unisog at sans.org
Subject: RE: [unisog]
http://www.f-secure.com/news/items/news_2003082200.s html


Does anyone have a clue about the IP addresses of the master machines?
Having that to toss in an ACL for the weekend could be quite useful it
keeping this under control.

Ben C.


-----Original Message-----
From: Michael Sofka [mailto:sofkam at rpi.edu] 
Sent: Friday, 22 August, 2003 12:21 PM
To: unisog at sans.org
Subject: [unisog] http://www.f-secure.com/news/items/news_2003082200.shtml


http://www.f-secure.com/news/items/news_2003082200.shtml
-- 
Michael D. Sofka              sofkam at rpi.edu
C&CT Sr. Systems Programmer    Email, TeX, epistemology.
Rensselaer Polytechnic Institute, Troy, NY.  http://www.rpi.edu/~sofkam/


More information about the unisog mailing list