nanog mailing list archives

RE: Sobig.f surprise attack today

From: "Dr. Jeffrey Race" <jrace () attglobal net>
Date: Fri, 22 Aug 2003 17:52:03 +0700


On Fri, 22 Aug 2003 14:13:27 -0400, Todd Mitchell - lists wrote:

See the following message sent out by X-Force a few hours ago.>Todd
Computers infected with the Sobig.F worm are programmed
to automatically download an executable of unknown function
from a hard-coded list of servers at 19:00 UTC (3:00pm EDT)
X-Force is recommending wholesale outbound filtering of 
the following IP addresses:

67.73.21.6
68.38.159.161
67.9.241.67
66.131.207.81
65.177.240.194
65.93.81.59
65.95.193.138
65.92.186.145
63.250.82.87
65.92.80.218
61.38.187.59
24.210.182.156
24.202.91.43
24.206.75.137
24.197.143.132
12.158.102.205
24.33.66.38
218.147.164.29
12.232.104.221
68.50.208.96


Roadrunner              IIII
Comcast                 II
Sprint                  I
Dacom                   I
Earthlink               I
Le Groupe Videotron     II
Bell Canada             IIIII 
Net 66                  II
Charter                 I
ATT Worldnet            II

Current thread:

Re: Sobig.f surprise attack today, (continued)
- - - Re: Sobig.f surprise attack today Petri Helenius (Aug 28)
    - Re: Sobig.f surprise attack today Mike Tancsa (Aug 28)
- RE: Sobig.f surprise attack today Matthew Kaufman (Aug 22)
- RE: Sobig.f surprise attack today Vachon, Scott (Aug 22)
  - Re: Sobig.f surprise attack today steve uurtamo (Aug 22)
- RE: Sobig.f surprise attack today Todd Mitchell - lists (Aug 22)
- RE: Sobig.f surprise attack today Irwin Lazar (Aug 22)
- RE: Sobig.f surprise attack today netadm (Aug 22)
- RE: Sobig.f surprise attack today Mark Segal (Aug 22)
- RE: Sobig.f surprise attack today Austad, Jay (Aug 22)
- RE: Sobig.f surprise attack today Dr. Jeffrey Race (Aug 22)