
RE: [Full-Disclosure] Sobig has a surprise...




I've been unable to find, anywhere, the list of servers that Sobig.e tries to contact. I did find one reference that stated Sobig.e had a list of 22 servers that it tried to contact, not five.

I was able to confirm from several AV sites that while Sobig.e stopped trying to spread several weeks ago, the update feature is still active and launches itself every Monday and Friday. If you, or anyone, can confirm that this is the list from Sobig.e (even by saying something like "Yes, I saw this traffic to these addresses in our firewall logs, checked the system, and it was infected with Sobig.e"), we can all rest a little easier, and I apologize for raising any unnecessary concern.

I didn't pay any attention to Sobig.e when it came out (not my area of responsibility), and wasn't aware that it had the same update capabilities as Sobig.f. I guess I assumed from all the uproar in the press and various lists about Sobig.f that this was some new nastiness only recently discovered. Was this all just more self-serving fear-mongering by the AV companies? Did I fall for it? yewww

I have to go wash my hands now...

Jerry

-----Original Message-----
From: Peter Ferrie [mailto:pferrie@symantec.com]
Sent: Saturday, August 23, 2003 3:58 PM
To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Sobig has a surprise...

>Ron was asking if anyone had more details about the OTHER addresses
>that Sobig tried to contact:
>
>67.164.250.26/8998
>129.244.36.194/8998
>67.73.60.121/8998
>218.146.139.246/8998
>66.169.84.77/8998
>
>Other people have seen the same thing. The exact circumstances are
>still unknown (at least to me).

This is the IP list for Sobig.E.

8^) p.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
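
The firewall-log check suggested in the message above, as an added example that is not part of the original thread: it groups connections to the five quoted addresses on port 8998 by internal host and marks whether each falls on the Monday/Friday update schedule reported in the message. The log line layout and the sample lines are assumptions constructed for illustration; the weekday is taken from the log's own timestamps.

```python
import re
from collections import defaultdict
from datetime import datetime

# Destinations and port exactly as quoted in the thread above.
SOBIG_E_SERVERS = {
    "67.164.250.26", "129.244.36.194", "67.73.60.121",
    "218.146.139.246", "66.169.84.77",
}
SOBIG_PORT = 8998
UPDATE_DAYS = {0, 4}  # Monday, Friday (schedule as reported in the message)

# Assumed log layout: "<ISO time> <action> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

def find_hits(lines):
    """Return {internal_host: [hit, ...]} for traffic to the listed servers."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in other formats rather than failing
        if m["dst"] not in SOBIG_E_SERVERS or int(m["dport"]) != SOBIG_PORT:
            continue  # both the address and the port must match
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        hits[m["src"]].append({
            "time": ts, "dst": m["dst"], "action": m["action"],
            "on_schedule": ts.weekday() in UPDATE_DAYS,
        })
    return dict(hits)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2003-08-22T19:02:11 ALLOW 10.1.4.23:1042 -> 67.73.60.121:8998
2003-08-22T19:02:12 DENY 10.1.4.23:1043 -> 218.146.139.246:8998
2003-08-20T08:15:00 ALLOW 10.1.7.9:3301 -> 66.169.84.77:8998
2003-08-22T19:05:40 ALLOW 10.1.4.23:1050 -> 67.73.60.121:80
2003-08-25T19:00:03 ALLOW 10.1.9.77:1201 -> 192.0.2.10:8998
""".splitlines()

if __name__ == "__main__":
    for host, events in sorted(find_hits(SAMPLE_LOG).items()):
        n = sum(e["on_schedule"] for e in events)
        print(f"{host}: {len(events)} hit(s), {n} on a Monday/Friday")
```

A host with hits that fall off the reported schedule, like the Wednesday connection in the sample, is still worth checking by hand before attributing the traffic to Sobig.e.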
