nanog mailing list archives
RE: Brace yourselves.. W32/Sobig-F about to mutate...
From: "Todd Mitchell - lists" <lists () ciphin com>
Date: Fri, 22 Aug 2003 14:21:51 -0400
| Stephen J. Wilcox | Sent: Friday, August 22, 2003 2:15 PM | To: Valdis.Kletnieks () vt edu | Cc: nanog () merit edu | Subject: Re: Brace yourselves.. W32/Sobig-F about to mutate... | | On Fri, 22 Aug 2003 Valdis.Kletnieks () vt edu wrote: | | > A quick heads up, if anybody hasn't heard: | > | > At 1900GMT today, ET phones home, and picks up the next payload of | > instructions. Nobody knows (yet) what they'll be, but SoBig-E erased | itself, | > put in a password grabber, and then installed a mail proxy for spammer | use. | | "On this moment, the worm starts to connect to machines found from an | encrypted | list hidden in the virus body. The list contains the address of 20 | computers | located in USA, Canada and South Korea." | | erm so why dont we just block (preferably bgp null route) these sites? I believe that InterNAP has already implemented this in all of their PNAP's. Todd --
Current thread:
- Brace yourselves.. W32/Sobig-F about to mutate... Valdis . Kletnieks (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Stephen J. Wilcox (Aug 22)
- RE: Brace yourselves.. W32/Sobig-F about to mutate... Todd Mitchell - lists (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Scott Weeks (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... up (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Adam Maloney (Aug 22)
- <Possible follow-ups>
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Fergie (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Valdis . Kletnieks (Aug 22)
- Re: Brace yourselves.. W32/Sobig-F about to mutate... Stephen J. Wilcox (Aug 22)