| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dotslash at snosoft.com (KF) Subject: Anybody know what Sobig.F has downloaded? I believe it makes use of ntp for the date sensitive stuff... -KF Dan Stromberg wrote: >What if someone cranks a clock forward and sees what the program does? > >Not having any windows systems at all, I'm in a poor position to try >this. :) > >On Fri, 2003-08-22 at 13:33, Compton, Rich wrote: > > >>As many of you know, the latest Sobig.F virus was scheduled to begin >>downloading unknown code from various IPs at 3:00 EST today on UDP port >>8998. Does anybody have any idea what this code is? Are the infected boxes >>actually downloading code? Does anybody have an infected Windoze box with >>Sobig that can see what code was downloaded? >> >>Here's a link to some info at Sophos in case you are unfamiliar with this. >> >>http://www.sophos.com/virusinfo/articles/sobigextra.html >> >>Looking at the infection rates of this virus, I'd say that it's pretty >>important that we find out what this code is and what it does ASAP! >> >>Thanks, >>Rich Compton >> >>_______________________________________________ >>Full-Disclosure - We believe in it. >>Charter: http://lists.netsys.com/full-disclosure-charter.html >> >>
Powered by blists - more mailing lists