[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Sobig has a surprise...

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Sobig has a surprise...
From: Joe Stewart <jstewart@xxxxxxxxx>
Date: Fri, 22 Aug 2003 16:24:07 -0400

On Friday 22 August 2003 03:19 pm, Florian Weimer wrote:
> 18 of 20 addresses where known to the AV community since Tuesday.  I
> don't know what F-Secure is doing here.
>
> Why don't they publish the list of IP addresses so that people can put
> filters on their networks?

67.73.21.6
68.38.159.161
67.9.241.67
66.131.207.81
65.177.240.194
65.93.81.59
65.95.193.138
65.92.186.145
63.250.82.87
65.92.80.218
61.38.187.59
24.210.182.156
24.202.91.43
24.206.75.137
24.197.143.132
12.158.102.205
24.33.66.38
218.147.164.29
12.232.104.221
68.50.208.96

alert udp $HOME_NET any -> $EXTERNAL_NET 8998 (msg:"Sobig Trojan Site Download 
Request"; content:"|5c bf 01 29 ca 62 eb f1|"; dsize:8; 
reference:url,www.lurhq.com/sobig-e.html; classtype:trojan-activity; 
sid:1000021; rev:1;)

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ Corporation
http://www.lurhq.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] MS03-039 has been released - critical
Next by Date: Re: [Full-Disclosure] Office 2000 Vulnerability
Previous by thread: [Full-Disclosure] AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities
Next by thread: [Full-Disclosure] iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE
Index(es):
- Date
- Thread