Full Disclosure mailing list archives
RE: Sobig has a surprise...
From: "Jerry Heidtke" <jheidtke () fmlh edu>
Date: Sat, 23 Aug 2003 18:53:13 -0500
I've been unable to find, anywhere, the list of servers that Sobig.e tries to contact. I did find one reference that stated Sobig.e had a list of 22 servers that it tried to contact, not five. I was able to confirm from several AV sites that while Sobig.e stopped trying to spread several weeks ago, the update feature is still active and launches itself every Monday and Friday.

If you, or anyone, can confirm that this is the list from Sobig.e, (even by saying something like "Yes, I saw this traffic to these addresses in our firewall logs, checked the system, and it was infected with Sobig.e"), we can all rest a little easier, and I apologize for raising any unnecessary concern.

I didn't pay any attention to Sobig.e when it came out (not my area of responsibility), and wasn't aware that it had the same update capabilities of Sobig.f. I guess I assumed from all the uproar in the press and various lists about Sobig.f that this was some new nastiness only recently discovered.

Was this all just more self-serving fear-mongering by the AV companies? Did I fall for it? yewww I have to go wash my hands now...

Jerry

-----Original Message-----
From: Peter Ferrie [mailto:pferrie () symantec com]
Sent: Saturday, August 23, 2003 3:58 PM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Sobig has a surprise...
Ron was asking if anyone had more details about the OTHER addresses that Sobig tried to contact:

67.164.250.26/8998
129.244.36.194/8998
67.73.60.121/8998
218.146.139.246/8998
66.169.84.77/8998

Other people have seen the same thing. The exact circumstances are still unknown (at least to me).
This is the IP list for Sobig.E.

8^) p.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html