Re: [Full-Disclosure] Anybody know what Sobig.F has downloaded?
- To: Dan Stromberg <strombrg@dcs.nac.uci.edu>
- Subject: Re: [Full-Disclosure] Anybody know what Sobig.F has downloaded?
- From: KF <dotslash@snosoft.com>
- Date: Fri, 22 Aug 2003 04:31:42 -0500
I believe it makes use of NTP for the date-sensitive stuff...
-KF
Dan Stromberg wrote:
>What if someone cranks a clock forward and sees what the program does?
>
>Not having any Windows systems at all, I'm in a poor position to try
>this. :)
>
>On Fri, 2003-08-22 at 13:33, Compton, Rich wrote:
>
>
>>As many of you know, the latest Sobig.F virus was scheduled to begin
>>downloading unknown code from various IPs at 3:00 EST today on UDP port
>>8998. Does anybody have any idea what this code is? Are the infected boxes
>>actually downloading code? Does anybody have an infected Windoze box with
>>Sobig that can see what code was downloaded?
>>
>>Here's a link to some info at Sophos in case you are unfamiliar with this.
>>
>>http://www.sophos.com/virusinfo/articles/sobigextra.html
>>
>>Looking at the infection rates of this virus, I'd say that it's pretty
>>important that we find out what this code is and what it does ASAP!
>>
>>Thanks,
>>Rich Compton
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>>