-- more on -- Sobig's Friday 3 p.m. action

[Dave Farber <dave () farber net>]

> Date: Fri, 22 Aug 2003 14:47:12 -0400
> From: Josh Marcus <josh () babel serve com>
> Subject: Re: [IP] Sobig's Friday 3 p.m. action
> To: Dave Farber <dave () farber net>
> User-Agent: Mutt/1.2.5.1i
> X-Spam-Status: No, hits=-1.8 required=7.5 
> tests=IN_REP_TO,MSG_ID_ADDED_BY_MTA_2
>  version=2.31
> X-Spam-Level:
> X-Spam-Filtered-At: eList eXpress <http://www.elistx.com/>
>
> Possibly for the IP.  The list of ips that Sobig F will
> try to download its new payload from is hardcoded and known.
> This is a message from X-Force:
>
> Computers infected with the Sobig.F worm are programmed
> to automatically download an executable of unknown function
> from a hard-coded list of servers at 19:00 UTC (3:00pm EDT)
> X-Force is recommending wholesale outbound filtering of
> the following IP addresses:
>
> 67.73.21.6
> 68.38.159.161
> 67.9.241.67
> 66.131.207.81
> 65.177.240.194
> 65.93.81.59
> 65.95.193.138
> 65.92.186.145
> 63.250.82.87
> 65.92.80.218
> 61.38.187.59
> 24.210.182.156
> 24.202.91.43
> 24.206.75.137
> 24.197.143.132
> 12.158.102.205
> 24.33.66.38
> 218.147.164.29
> 12.232.104.221
> 68.50.208.96
>
> The request method uses UDP port 8998. X-Force also
> recommends that this port be filtered outbound.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/