lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <004901c3841b$4bacdff0$5b00005a@moregarlic.com>
Date: Fri, 26 Sep 2003 06:45:15 -0400
From: "Larry Seltzer" <larry@...ryseltzer.com>
To: <kruse@...lroad.dk>, "'Liviu Daia'" <Liviu.Daia@...r.ro>,
	<bugtraq@...urityfocus.com>
Subject: RE: Ruh-Roh SOBIG.G?


I thought it had expired on 9/10, and it did stop coming for a while. I'm seeing it
again too; actually, I'm seeing two different attachment sizes in the new ones, one
around 70K and the other around 100K. 

Did someone reissue Sobig.F with a new expiration date?

Larry Seltzer
Security Editor, eWEEK.com
http://security.eweek.com/
larryseltzer@...fdavis.com 

-----Original Message-----
From: Peter Kruse [mailto:kruse@...sesecurity.dk] 
Sent: Thursday, September 25, 2003 6:02 PM
To: 'Liviu Daia'; bugtraq@...urityfocus.com
Subject: SV: Ruh-Roh SOBIG.G?


Hi,

There is no new Sobig worm here. I just ran through samples received by the original
poster and I can confirm that these are all Sobig-F samples. The worm is known to be
polymorphic which by nature will change the size and content of the code. Nothing new
here.

Kind regards // Med venlig hilsen

Peter Kruse
CSIS / Kruse Security ApS
http://www.krusesecurity.dk




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ