Home page logo
/

nanog logo nanog mailing list archives

RE: Brace yourselves.. W32/Sobig-F about to mutate...
From: "Todd Mitchell - lists" <lists () ciphin com>
Date: Fri, 22 Aug 2003 14:21:51 -0400


| Stephen J. Wilcox
| Sent: Friday, August 22, 2003 2:15 PM
| To: Valdis.Kletnieks () vt edu
| Cc: nanog () merit edu
| Subject: Re: Brace yourselves.. W32/Sobig-F about to mutate...
| 
| On Fri, 22 Aug 2003 Valdis.Kletnieks () vt edu wrote:
| 
| > A quick heads up, if anybody hasn't heard:
| >
| > At 1900GMT today, ET phones home, and picks up the next payload of
| > instructions.  Nobody knows (yet) what they'll be, but SoBig-E
erased
| itself,
| > put in a password grabber, and then installed a mail proxy for
spammer
| use.
| 
| "On this moment, the worm starts to connect to machines found from an
| encrypted
| list hidden in the virus body. The list contains the address of 20
| computers
| located in USA, Canada and South Korea."
| 
| erm so why dont we just block (preferably bgp null route) these sites?

I believe that InterNAP has already implemented this in all of their
PNAP's.

Todd

--



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault