[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Sobig has a surprise...
- To: Paul Schmehl <pauls@utdallas.edu>
- Subject: RE: [Full-Disclosure] Sobig has a surprise...
- From: Ron DuFresne <dufresne@winternet.com>
- Date: Sat, 23 Aug 2003 10:09:45 -0500 (CDT)
On Fri, 22 Aug 2003, Paul Schmehl wrote:
> --On Friday, August 22, 2003 1:27 PM -0600 Jonathan Grotegut
> <jgrotegut@directpointe.com> wrote:
> >
> > Anyone able to verify this with another site (eeye, any other antivirus
> > firm)?
> >
> I can verify this. I wrote a snort rule that looks for outgoing packets to
> 8998/UDP and I saw machines hitting 20 unique IPs on that port. So I can
> confirm that it is true.
Nick FitzGerald's reply to "Compton, Rich" <RCompton@chartercom.com>,
Subject: Re: [Full-Disclosure] Anybody know what Sobig.F has downloaded?,
was excellent, and very informative for a large skillbase, and yet the two
postings by Jerry Heidtke <jheidtke@fmlh.edu>, Subject: RE:
[Full-Disclosure] Sobig has a surprise..., leave in doubt the issue if
this is the end of the sobig.f issue, I saw nothing posted so far to
indicate that all the systems those infected were to grab code/additional
address info, had been intercepted.
Anyone have more details to the other addresses?
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html