nanog mailing list archives
RE: Sobig.f surprise attack today
From: "Dr. Jeffrey Race" <jrace () attglobal net>
Date: Fri, 22 Aug 2003 17:52:03 +0700
On Fri, 22 Aug 2003 14:13:27 -0400, Todd Mitchell - lists wrote:
See the following message sent out by X-Force a few hours ago.>Todd Computers infected with the Sobig.F worm are programmed to automatically download an executable of unknown function from a hard-coded list of servers at 19:00 UTC (3:00pm EDT) X-Force is recommending wholesale outbound filtering of the following IP addresses: 67.73.21.6 68.38.159.161 67.9.241.67 66.131.207.81 65.177.240.194 65.93.81.59 65.95.193.138 65.92.186.145 63.250.82.87 65.92.80.218 61.38.187.59 24.210.182.156 24.202.91.43 24.206.75.137 24.197.143.132 12.158.102.205 24.33.66.38 218.147.164.29 12.232.104.221 68.50.208.96
Roadrunner IIII Comcast II Sprint I Dacom I Earthlink I Le Groupe Videotron II Bell Canada IIIII Net 66 II Charter I ATT Worldnet II
Current thread:
- Re: Sobig.f surprise attack today, (continued)
- Re: Sobig.f surprise attack today Petri Helenius (Aug 28)
- Re: Sobig.f surprise attack today Mike Tancsa (Aug 28)
- RE: Sobig.f surprise attack today Matthew Kaufman (Aug 22)
- RE: Sobig.f surprise attack today Vachon, Scott (Aug 22)
- Re: Sobig.f surprise attack today steve uurtamo (Aug 22)
- RE: Sobig.f surprise attack today Todd Mitchell - lists (Aug 22)
- RE: Sobig.f surprise attack today Irwin Lazar (Aug 22)
- RE: Sobig.f surprise attack today netadm (Aug 22)
- RE: Sobig.f surprise attack today Mark Segal (Aug 22)
- RE: Sobig.f surprise attack today Austad, Jay (Aug 22)
- RE: Sobig.f surprise attack today Dr. Jeffrey Race (Aug 22)