Educause Security Discussion mailing list archives

Re: Sobig.f update cycle this afternoon


From: Michelle Mueller <muellerm () MTMARY EDU>
Date: Fri, 22 Aug 2003 15:21:17 -0500

From:  http://www.f-secure.com/v-descs/sobig_f.shtml


Update on 19:00 UTC

When the deadline for the attack had passed, one machine was still
(somewhat) up. However, immediately after the deadline, this machine
(located in the USA) was totally swamped under network traffic.

We've tried connecting to it, just like the virus does. We do this from
three different sensors from three different machines in three different
countries. We haven't been able to connect to it once. If we can't
connect, neither can the viruses.

So the attack failed. Whoa.

We'll keep monitoring until 22:00 UTC. If we're not able to connect
once, we can safely say that the attack was prevented.

Update on 19:50 UTC

Still not a single connection from any of our sensors to any of the
servers.



Marty Hoag wrote:

   I'm sure most of you saw this on UNISOG but Michael
Benedetto and Michael Sofka posted links to items about
the update cycle or "mystery program" load that sobig.f
will apparently do at 1900 UTC today (3:00 p.m. EDT):

The F-secure release is at
http://www.f-secure.com/news/items/news_2003082200.shtml
The news snippet at Incidents is at
http://isc.sans.org/diary.html?date=2003-08-22
and there is an ISS Alert with IP addresses
http://xforce.iss.net/xforce/alerts/id/151

**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

