lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F45E2FE.5020303@snosoft.com>
From: dotslash at snosoft.com (KF)
Subject: Anybody know what Sobig.F has downloaded?

I believe it makes use of ntp for the date sensitive stuff...
-KF


Dan Stromberg wrote:

>What if someone cranks a clock forward and sees what the program does?
>
>Not having any windows systems at all, I'm in a poor position to try
>this.  :)
>
>On Fri, 2003-08-22 at 13:33, Compton, Rich wrote:
>  
>
>>As many of you know, the latest Sobig.F virus was scheduled to begin
>>downloading unknown code from various IPs at 3:00 EST today on UDP port
>>8998.  Does anybody have any idea what this code is?  Are the infected boxes
>>actually downloading code?  Does anybody have an infected Windoze box with
>>Sobig that can see what code was downloaded?
>>
>>Here's a link to some info at Sophos in case you are unfamiliar with this.  
>>
>>http://www.sophos.com/virusinfo/articles/sobigextra.html
>>
>>Looking at the infection rates of this virus, I'd say that it's pretty
>>important that we find out what this code is and what it does ASAP!
>>
>>Thanks,
>>Rich Compton 
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>    
>>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ