Information Security News: Update on Sobig stage 2

Update on Sobig stage 2

From: InfoSec News <isn_at_c4i.org>
Date: Mon, 25 Aug 2003 02:37:58 -0500 (CDT)

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade_at_sprint.ca>

About 4 hours before it was due to trigger, F-Secure found an
encrypted section of code in the Sobig virus that indicated an
unsuspected payload. At 1900H UTC (noon, PDT) on Friday, infected
computers would try to connect to a number of servers, download a
program, and run it.

Within that four hour period, F-Secure, possibly with the assistance
of other institutions, was able to contact the ISPs for these
machines, and have them all shut down. (One remains up. Presumably
it has been turned into a honeypot, a form of trap for the people who
intended to use it for the attack.)

At this time, we do not know what the intention of the so-called
"Stage 2" payload was, but the plan shows evidence of very careful
planning, and, given the extreme number of Sobig infections, it could
have been very serious.

http://www.f-secure.com/news/items/news_2003082200.shtml
http://www.f-secure.com/v-descs/sobig_f.shtml

====================== (quote inserted randomly by Pegasus Mailer)
rslade_at_vcn.bc.ca slade_at_victoria.tc.ca rslade_at_sun.soci.niu.edu
       Madness takes its toll. Please have exact change ready.
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo_at_attrition.org with 'unsubscribe isn'
in the BODY of the mail.
Received on Aug 25 2003
