lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: tim at night-shade.org.uk (Tim Fletcher) Subject: Anybody know what Sobig.F has downloaded? On Fri, 2003-08-22 at 21:33, Compton, Rich wrote: > As many of you know, the latest Sobig.F virus was scheduled to begin > downloading unknown code from various IPs at 3:00 EST today on UDP port > 8998. Does anybody have any idea what this code is? Are the infected boxes > actually downloading code? Does anybody have an infected Windoze box with > Sobig that can see what code was downloaded? While this is 2nd hand I have now heard about the same effect on 2 different unrelated machines via friends on quakenet (irc) <Mikeh> email from a m8 <Mikeh> got a bit of a prob <Mikeh> with me pc, when i go online, after about a minute i get a message saying <Mikeh> "system is shutting down please save all work inj progress and log off, <Mikeh> system shut down was initiated by NT Authority/system. This could be something totally unrelated but the fact I have now heard about it from 2 people since last night of whom 1 was definitely infected with Sobig.F I think their is code out there. Putting this together with the comments made on the list about traffic on udp port 8998 to a different set of ips from some of the Sobig.F infected hosts leads me to suggest that there is "something" going on but as to what I have very little idea as my only windows machine is for playing games on and so sees no email or direct net traffic. -- Tim Fletcher .~. tim@...ht-shade.org.uk /V\ L I N U X // \\ >Don't fear the penguin< irc: Night-Shade on Quakenet /( )\ ^^-^^ Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup.
Powered by blists - more mailing lists