Sobig.f update.

Michael Sofka sofkam at
Fri Aug 22 20:15:32 GMT 2003


   Update on 19:00 UTC

   When the deadline for the attack had passed, one machine was
   still (somewhat) up. However, immediately after the deadline,
   this machine (located in the USA) was totally swamped under
   network traffic.

   We've tried connecting to it, just like the virus does. We
   do this from three different sensors from three different
   machines in three different countries. We haven't been able
   to connect to it once. If we can't connect, neither can the viruses.

   So the attack failed. Whoa.

   We'll keep monitoring until 22:00 UTC. If we're not able
   to connect once, we can safely say that the attack was prevented.

   Update on 19:50 UTC

   Still not a single connection from any of our sensors to
   any of the servers.

Of course there's still the incoming udp 995--999 connections
to worry about.

Michael D. Sofka              sofkam at
C&CT Sr. Systems Programmer    Email, TeX, epistemology.
Rensselaer Polytechnic Institute, Troy, NY.
