Full Disclosure mailing list archives
Re: Anybody know what Sobig.F has downloaded?
From: KF <dotslash () snosoft com>
Date: Fri, 22 Aug 2003 04:31:42 -0500
I believe it makes use of ntp for the date sensitive stuff... -KF Dan Stromberg wrote:
What if someone cranks a clock forward and sees what the program does? Not having any windows systems at all, I'm in a poor position to try this. :) On Fri, 2003-08-22 at 13:33, Compton, Rich wrote:As many of you know, the latest Sobig.F virus was scheduled to begin downloading unknown code from various IPs at 3:00 EST today on UDP port 8998. Does anybody have any idea what this code is? Are the infected boxes actually downloading code? Does anybody have an infected Windoze box with Sobig that can see what code was downloaded?Here's a link to some info at Sophos in case you are unfamiliar with this.http://www.sophos.com/virusinfo/articles/sobigextra.html Looking at the infection rates of this virus, I'd say that it's pretty important that we find out what this code is and what it does ASAP! Thanks,Rich Compton_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Anybody know what Sobig.F has downloaded? Compton, Rich (Aug 22)
- Re: Anybody know what Sobig.F has downloaded? Dan Stromberg (Aug 22)
- Re: Anybody know what Sobig.F has downloaded? KF (Aug 22)
- Re: Anybody know what Sobig.F has downloaded? Nick FitzGerald (Aug 22)
- Re: Anybody know what Sobig.F has downloaded? Tim Fletcher (Aug 23)
- Re: Anybody know what Sobig.F has downloaded? Tim Fletcher (Aug 23)
- Re: Anybody know what Sobig.F has downloaded? Michael Renzmann (Aug 23)
- <Possible follow-ups>
- RE: Anybody know what Sobig.F has downloaded? Robert J. Liebsch (Aug 22)
- Re: Anybody know what Sobig.F has downloaded? Dan Stromberg (Aug 22)