| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.GSO.4.43.0308230956330.25617-100000@tundra.winternet.com> From: dufresne at winternet.com (Ron DuFresne) Subject: Sobig has a surprise... On Fri, 22 Aug 2003, Paul Schmehl wrote: > --On Friday, August 22, 2003 1:27 PM -0600 Jonathan Grotegut > <jgrotegut@...ectpointe.com> wrote: > > > > Anyone able to verify this with another site (eeye, any other antivirus > > firm)? > > > I can verify this. I wrote a snort rule that looks for outgoing packets to > 8998/UDP and I saw machines hitting 20 unique IPs on that port. So I can > confirm that it is true. Nick FitzGerald's reply to "Compton, Rich" <RCompton@...rtercom.com>, Subject: Re: [Full-Disclosure] Anybody know what Sobig.F has downloaded?, was excellent, and very informative for a large skillbase, and yet the two postings by Jerry Heidtke <jheidtke@...h.edu>, Subject: RE: [Full-Disclosure] Sobig has a surprise..., leave in doubt the issue if this is the end of the sobig.f issue, I saw nothing posted so far to indicate that all the systems those infected were to grab code/additional address info, had been intercepted. Anyone have more details to the other addresses? Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists