Message-ID: <200308221624.07585.jstewart@lurhq.com>
From: jstewart at lurhq.com (Joe Stewart)
Subject: Sobig has a surprise...

On Friday 22 August 2003 03:19 pm, Florian Weimer wrote:
> 18 of 20 addresses were known to the AV community since Tuesday.  I
> don't know what F-Secure is doing here.
>
> Why don't they publish the list of IP addresses so that people can put
> filters on their networks?


alert udp $HOME_NET any -> $EXTERNAL_NET 8998 (msg:"Sobig Trojan Site Download Request"; content:"|5c bf 01 29 ca 62 eb f1|"; dsize:8; reference:url,www.lurhq.com/sobig-e.html; classtype:trojan-activity; sid:1000021; rev:1;)

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ Corporation
http://www.lurhq.com/
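
The conditions of the Snort rule above, written out as a standalone check over raw IPv4 packets (an added example, not part of the original post). The HOME_NET range, the reading of $EXTERNAL_NET as everything outside it, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Values taken from the rule in the post.
SOBIG_PORT = 8998
SOBIG_CONTENT = bytes.fromhex("5cbf0129ca62ebf1")
# Assumption: stand-in for Snort's $HOME_NET variable (constructed value).
HOME_NET = ipaddress.ip_network("192.168.0.0/16")


def matches_rule(ip_packet: bytes, home_net=HOME_NET) -> bool:
    """Return True if a raw IPv4 packet satisfies every condition of the rule."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return False                          # not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4           # IP header length in bytes
    if ihl < 20 or ip_packet[9] != 17 or len(ip_packet) < ihl + 8:
        return False                          # bad header, not UDP, or truncated
    src = ipaddress.ip_address(ip_packet[12:16])
    dst = ipaddress.ip_address(ip_packet[16:20])
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", ip_packet[ihl:ihl + 8])
    if udp_len < 8:
        return False                          # invalid UDP length field
    payload = ip_packet[ihl + 8:ihl + udp_len]
    return (
        src in home_net                       # $HOME_NET any ->
        and dst not in home_net               # $EXTERNAL_NET (assumed !$HOME_NET)
        and dport == SOBIG_PORT               # destination port 8998
        and len(payload) == 8                 # dsize:8 (payload is exactly 8 bytes)
        and SOBIG_CONTENT in payload          # content:"|5c bf 01 29 ca 62 eb f1|"
    )


def build_udp(src, dst, dport, payload, proto=17):
    """Build a minimal IPv4 packet (constructed test input; checksums left at 0)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + udp


if __name__ == "__main__":
    # Constructed packets: internal host to a documentation-range address.
    hit = build_udp("192.168.1.50", "203.0.113.10", SOBIG_PORT, SOBIG_CONTENT)
    padded = build_udp("192.168.1.50", "203.0.113.10", SOBIG_PORT, SOBIG_CONTENT + b"\x00")
    print("8-byte request:", matches_rule(hit))       # True
    print("9-byte payload:", matches_rule(padded))    # False, fails dsize:8
```
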
