nanog mailing list archives
Re: Brace yourselves.. W32/Sobig-F about to mutate...
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Fri, 22 Aug 2003 19:14:36 +0100 (BST)
On Fri, 22 Aug 2003 Valdis.Kletnieks () vt edu wrote:
A quick heads up, if anybody hasn't heard: At 1900GMT today, ET phones home, and picks up the next payload of instructions. Nobody knows (yet) what they'll be, but SoBig-E erased itself, put in a password grabber, and then installed a mail proxy for spammer use.
"On this moment, the worm starts to connect to machines found from an encrypted list hidden in the virus body. The list contains the address of 20 computers located in USA, Canada and South Korea." erm so why dont we just block (preferably bgp null route) these sites?
Current thread:
- Brace yourselves.. W32/Sobig-F about to mutate... Valdis . Kletnieks (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Stephen J. Wilcox (Aug 22)
- RE: Brace yourselves.. W32/Sobig-F about to mutate... Todd Mitchell - lists (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Scott Weeks (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... up (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Adam Maloney (Aug 22)
- <Possible follow-ups>
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Fergie (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Valdis . Kletnieks (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Stephen J. Wilcox (Aug 22)