Full Disclosure mailing list archives

RE: Sobig has a surprise...

From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 22 Aug 2003 20:46:13 -0500

--On Friday, August 22, 2003 1:27 PM -0600 Jonathan Grotegut<jgrotegut () directpointe com> wrote:


Anyone able to verify this with another site (eeye, any other antivirus
firm)?

I can verify this. I wrote a snort rule that looks for outgoing packets to8998/UDP and I saw machines hitting 20 unique IPs on that port. So I canconfirm that it is true.


Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Sobig has a surprise... Steve Postma (Aug 22)
- Re: Sobig has a surprise... Florian Weimer (Aug 22)
  - Re: Sobig has a surprise... Jamie L Thompson (Aug 22)
  - Re: Sobig has a surprise... Michael Scheidell (Aug 22)
  - Re: Sobig has a surprise... Paul Schmehl (Aug 22)
    - Re: Sobig has a surprise... Florian Weimer (Aug 23)
    - Re: Sobig has a surprise... Paul Schmehl (Aug 23)
- <Possible follow-ups>
- RE: Sobig has a surprise... Jonathan Grotegut (Aug 22)
  - Re: Sobig has a surprise... Michael Scheidell (Aug 22)
    - Re: Sobig has a surprise... Paul Schmehl (Aug 22)
  - RE: Sobig has a surprise... Paul Schmehl (Aug 22)
    - RE: Sobig has a surprise... Ron DuFresne (Aug 23)
    - RE: Sobig has a surprise... Paul Schmehl (Aug 23)
    - RE: Sobig has a surprise... Ron DuFresne (Aug 23)
- RE: Sobig has a surprise... Compton, Rich (Aug 22)
- RE: Sobig has a surprise... Andre Ludwig (Aug 22)
- RE: Sobig has a surprise... Jerry Heidtke (Aug 22)
- RE: Sobig has a surprise... Andrews Carl 448 (Aug 22)
- RE: Sobig has a surprise... Jerry Heidtke (Aug 22)
- RE: Sobig has a surprise... David Vincent (Aug 22)
- RE: Sobig has a surprise... Jerry Heidtke (Aug 23)

(Thread continues...)