[unisog] http://www.f-secure.com/news/items/news_2003082200.shtml

Jock Rutherford jock.rutherford at sait.ca
Fri Aug 22 18:33:53 GMT 2003

-----Original Message-----
From: Todd Mitchell - lists [mailto:lists at ciphin.com]
Sent: Friday, August 22, 2003 12:13
To: jdawson at flexpop.net; nanog at merit.edu
Subject: RE: Sobig.f surprise attack today

| Jim Dawson
| Sent: Friday, August 22, 2003 2:02 PM
| Subject: Sobig.f surprise attack today
| F-Secure Corporation is warning about a new level of attack to be
| unleashed by the Sobig.F worm today. Supposed to take place at 1900
| http://www.f-secure.com/news/items/news_2003082200.shtml

See the following message sent out by X-Force a few hours ago.



Computers infected with the Sobig.F worm are programmed
to automatically download an executable of unknown function
from a hard-coded list of servers at 19:00 UTC (3:00pm EDT).
X-Force is recommending wholesale outbound filtering of 
the following IP addresses:

The request method uses UDP port 8998. X-Force also 
recommends that this port be filtered outbound.

-----Original Message-----
From: Ben Compton [mailto:Ben.Compton at sw.edu]
Sent: Friday, August 22, 2003 11:13
To: unisog at sans.org
Subject: RE: [unisog] http://www.f-secure.com/news/items/news_2003082200.shtml

Does anyone have a clue about the IP addresses of the master machines?
Having that to toss in an ACL for the weekend could be quite useful in
keeping this under control.

Ben C.

-----Original Message-----
From: Michael Sofka [mailto:sofkam at rpi.edu] 
Sent: Friday, 22 August, 2003 12:21 PM
To: unisog at sans.org
Subject: [unisog] http://www.f-secure.com/news/items/news_2003082200.shtml

Michael D. Sofka              sofkam at rpi.edu
C&CT Sr. Systems Programmer    Email, TeX, epistemology.
Rensselaer Polytechnic Institute, Troy, NY.  http://www.rpi.edu/~sofkam/
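
Added example, not part of the original thread: once the outbound filter on UDP port 8998 and the server list is in place, the border log shows which internal machines tried to reach them, and those are the hosts to clean. The sketch assumes netfilter LOG-style lines and a 10.0.0.0/8 campus range, and uses RFC 5737 documentation addresses as a placeholder block list because the real list is not reproduced on this page.

```python
import ipaddress
import re
from collections import defaultdict

SOBIG_UDP_PORT = 8998  # port named in the X-Force message
# Assumption: campus address space; replace with your own prefixes.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Placeholder block list (RFC 5737 documentation addresses); the real
# server list is not reproduced on this page.
BLOCKED_SERVERS = {ipaddress.ip_address("192.0.2.10"),
                   ipaddress.ip_address("198.51.100.7")}

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def suspect_hosts(log_lines):
    """Map internal source IP -> set of reasons it was flagged."""
    hits = defaultdict(set)
    for line in log_lines:
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "PROTO"} <= f.keys():
            continue  # not a packet log line we understand
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except ValueError:
            continue  # malformed address field
        if not is_internal(src) or is_internal(dst):
            continue  # only outbound traffic is of interest
        if f["PROTO"] == "UDP" and f.get("DPT") == str(SOBIG_UDP_PORT):
            hits[str(src)].add("udp/8998")
        if dst in BLOCKED_SERVERS:
            hits[str(src)].add("blocked-server")
    return dict(hits)

# Constructed sample log lines in netfilter LOG style.
SAMPLE_LOG = [
    "Aug 22 19:00:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=192.0.2.10 LEN=36 PROTO=UDP SPT=1031 DPT=8998",
    "Aug 22 19:00:05 gw kernel: IN=eth1 OUT=eth0 SRC=10.1.9.80 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=1044 DPT=80",
    "Aug 22 19:00:09 gw kernel: IN=eth1 OUT=eth0 SRC=10.2.0.7 DST=203.0.113.99 LEN=36 PROTO=UDP SPT=1050 DPT=8998",
    "Aug 22 19:00:11 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=10.1.9.80 LEN=60 PROTO=UDP SPT=8998 DPT=8998",
    "Aug 22 19:00:14 gw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=198.51.100.7 LEN=40 PROTO=TCP SPT=1032 DPT=80",
]

if __name__ == "__main__":
    for host, reasons in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(host, ",".join(sorted(reasons)))
```

A host flagged for "udp/8998" alone is still worth checking, since it matches the worm's request method even when the destination is not on the block list.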
