lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: tim at night-shade.org.uk (Tim Fletcher)
Subject: Anybody know what Sobig.F has downloaded?

On Fri, 2003-08-22 at 21:33, Compton, Rich wrote:
> As many of you know, the latest Sobig.F virus was scheduled to begin
> downloading unknown code from various IPs at 3:00 EST today on UDP port
> 8998.  Does anybody have any idea what this code is?  Are the infected boxes
> actually downloading code?  Does anybody have an infected Windoze box with
> Sobig that can see what code was downloaded?

While this is 2nd hand I have now heard about the same effect on 2
different unrelated machines via friends on quakenet (irc)

<Mikeh> email from a m8
<Mikeh> got a bit of a prob
<Mikeh> with me pc, when i go online, after about a minute i get a
message saying
<Mikeh> "system is shutting down please save all work inj progress and
log off,
<Mikeh> system shut down was initiated by NT Authority/system.

This could be something totally unrelated but the fact I have now heard
about it from 2 people since last night of whom 1 was definitely
infected with Sobig.F I think their is code out there. 

Putting this together with the comments made on the list about traffic
on udp port 8998 to a different set of ips from some of the Sobig.F
infected hosts leads me to suggest that there is "something" going on
but as to what I have very little idea as my only windows machine is for
playing games on and so sees no email or direct net traffic.

-- 
   Tim Fletcher 

                                     .~.
       tim@...ht-shade.org.uk        /V\      L   I   N   U   X   
                                    // \\  >Don't fear the penguin<
   irc: Night-Shade on Quakenet    /(   )\
                                    ^^-^^

Do not meddle in the affairs of dragons, 
for you are crunchy and taste good with ketchup.



Powered by blists - more mailing lists