[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Sobig has a surprise...

To: Florian Weimer <fw@deneb.enyo.de>
Subject: Re: [Full-Disclosure] Sobig has a surprise...
From: "Jamie L Thompson" <jlt@raytheon.com>
Date: Fri, 22 Aug 2003 16:17:05 -0400


<br><font size=2 face="sans-serif">Sophos has the list of ips posted.</font>
<br>
<br><font size=2 face="sans-serif">http://www.sophos.com/virusinfo/articles/sobigiplist.html<br>
</font>
<table width=100%>
<tr>
<td width=15% bgcolor=white>
<td width=84% bgcolor=white><img src=cid:_1_066D7F18066D7B30006F091D85256D8A alt=Raytheon>
<tr valign=top>
<td bgcolor=white><img src=cid:_1_0675B294066D811C006F091D85256D8A>
<td bgcolor=white><font size=2 color=#666666 face="Arial"><b>Jamie L Thompson</b></font><font size=1 color=#666666 face="Arial"><br>
IT Specialist<br>
781.860.2438<br>
781.860.2875 fax<br>
781.953.5263 cell<u><br>
</u></font><a href=mailto:jlt@raytheon.com><font size=1 color=#666666 face="Arial"><u>jlt@raytheon.com</u></font></a><font size=1 color=#666666 face="Arial">
</font></table>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Florian Weimer &lt;fw@deneb.enyo.de&gt;</b></font>
<br><font size=1 face="sans-serif">Sent by: full-disclosure-admin@lists.netsys.com</font>
<p><font size=1 face="sans-serif">08/22/2003 03:19 PM</font>
<td><font size=1 face="Arial">&nbsp; &nbsp; &nbsp; &nbsp; </font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; To:
&nbsp; &nbsp; &nbsp; &nbsp;Steve Postma &lt;spostma@travizon.com&gt;</font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; cc:
&nbsp; &nbsp; &nbsp; &nbsp;&quot;'full-disclosure@lists.netsys.com'&quot;
&lt;full-disclosure@lists.netsys.com&gt;</font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Subject:
&nbsp; &nbsp; &nbsp; &nbsp;Re: [Full-Disclosure] Sobig has a surprise...</font></table>
<br>
<br><font size=2><tt>Steve Postma &lt;spostma@travizon.com&gt; cites:<br>
<br>
&gt; However, the Sobig.F worm has a surprise attack in its sleeve.&quot;
<br>
<br>
From the web site:<br>
<br>
| &quot;As soon as we were able to crack the encryption used by the worm
to<br>
| hide the list of the 20 machines, we've been trying to close them<br>
| down&quot;, explains Mikko Hypponen.<br>
<br>
18 of 20 addresses where known to the AV community since Tuesday. &nbsp;I<br>
don't know what F-Secure is doing here.<br>
<br>
Why don't they publish the list of IP addresses so that people can put<br>
filters on their networks?<br>
<br>
*sigh*<br>
<br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: http://lists.netsys.com/full-disclosure-charter.html<br>
</tt></font>
<br>

References:
- Re: [Full-Disclosure] Sobig has a surprise...
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: RE: [Full-Disclosure] Re: Google Private IP is 10.7.0.73 !!!!!!
Next by Date: [Full-Disclosure] Anybody know what Sobig.F has downloaded?
Prev by thread: Re: [Full-Disclosure] Sobig has a surprise...
Next by thread: Re: [Full-Disclosure] Sobig has a surprise...
Index(es):
- Date
- Thread