nanog mailing list archives
RE: Sobig.f surprise attack today
From: "Todd Mitchell - lists" <lists () ciphin com>
Date: Fri, 22 Aug 2003 14:13:27 -0400
| Jim Dawson | Sent: Friday, August 22, 2003 2:02 PM | Subject: Sobig.f surprise attack today | | F-Secure Corporation is warning about a new level of attack to be | unleashed by the Sobig.F worm today. Supposed to take place at 1900 UTC. | | http://www.f-secure.com/news/items/news_2003082200.shtml See the following message sent out by X-Force a few hours ago. Todd ------------------------------------------------------------------------ -- Computers infected with the Sobig.F worm are programmed to automatically download an executable of unknown function from a hard-coded list of servers at 19:00 UTC (3:00pm EDT) X-Force is recommending wholesale outbound filtering of the following IP addresses: 67.73.21.6 68.38.159.161 67.9.241.67 66.131.207.81 65.177.240.194 65.93.81.59 65.95.193.138 65.92.186.145 63.250.82.87 65.92.80.218 61.38.187.59 24.210.182.156 24.202.91.43 24.206.75.137 24.197.143.132 12.158.102.205 24.33.66.38 218.147.164.29 12.232.104.221 68.50.208.96 The request method uses UDP port 8998. X-Force also recommends that this port be filtered outbound.
Current thread:
- Sobig.f surprise attack today Jim Dawson (Aug 22)
- RE: Sobig.f surprise attack today Todd Mitchell - lists (Aug 22)
- Re: Sobig.f surprise attack today Omachonu Ogali (Aug 22)
- RE: Sobig.f surprise attack today Randy Neals (ORION) (Aug 22)
- RE: Sobig.f surprise attack today Gary Attard (Aug 22)
- RE: Sobig.f surprise attack today Stephen J. Wilcox (Aug 22)
- Re: Sobig.f surprise attack today Andrew Kerr (Aug 22)
- Re: Sobig.f surprise attack today Jay Hennigan (Aug 22)
- Re: Sobig.f surprise attack today Andrew Kerr (Aug 22)
- Re: Sobig.f surprise attack today Omachonu Ogali (Aug 22)
- RE: Sobig.f surprise attack today Todd Mitchell - lists (Aug 22)
- Re: Sobig.f surprise attack today Petri Helenius (Aug 22)
- Re: Sobig.f surprise attack today Jay Hennigan (Aug 22)