Educause Security Discussion mailing list archives
Re: Sobig.f update cycle this afternoon
From: Michelle Mueller <muellerm () MTMARY EDU>
Date: Fri, 22 Aug 2003 15:21:17 -0500
From: http://www.f-secure.com/v-descs/sobig_f.shtml Update on 19:00 UTC When deadline for the attack was passed, one machine was still (somewhat) up. However, immediately after the deadline, this machine (located in the USA) was totally swamped under network traffic. We've tried connecting to it, just like the virus does. We do this from three different sensors from three different machines in three different countries. We haven't been able to connect to it once. If we can't connect, neither can the viruses. So the attack failed. Whoa. We'll keep monitoring until 22:00 UTC. If we're not able to connect once, we can safely say that the attack was prevented. Update on 19:50 UTC Still not a single connection from any of our sensors to any of the servers. Marty Hoag wrote:
I'm sure most of you saw this on UNISOG but Michael Benedetto and Michael Sofka posted links to items about the update cycle or "mystery program" load that sobig.f will apparently do at 1900 UTC today (3:00 p.m. EDT): The F-secure release is at http://www.f-secure.com/news/items/news_2003082200.shtml The news snippet at Incidents is at http://isc.sans.org/diary.html?date=2003-08-22 and there is an ISS Alert with IP addresses http://xforce.iss.net/xforce/alerts/id/151 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Sobig.f update cycle this afternoon Marty Hoag (Aug 22)
- <Possible follow-ups>
- Re: Sobig.f update cycle this afternoon Michelle Mueller (Aug 22)
- Re: Sobig.f update cycle this afternoon Marty Hoag (Aug 22)