-
August 22nd, 2003, 08:14 PM
#1
Here's the new info for Sobig.F, The Sequel
Sophos experts have advised network and system administrators that they can take immediate action to prevent the W32/Sobig-F worm from downloading a potentially malicious update from the internet.
The worm contains a list of encrypted IP addresses inside its code, which the Sobig-F infected computers use to signal their availabilty for an update. Infected computers will communicate with the IP addresses on UDP port 8998. They will also be listening on UDP ports 995-999 - perhaps in readiness for the updates to arrive.
The list ip IP's is here
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
August 22nd, 2003, 08:46 PM
#2
Anyone experiencing any traffic from this worm? I am wondering if it will even work since there will be so many computers trying to contact those 20 ip addresses.
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
-
August 22nd, 2003, 09:37 PM
#3
-
August 22nd, 2003, 10:30 PM
#4
lol....if they took greater care, they could have used more than 20 IP's, it wouldn't have been difficult at all.
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
-
August 22nd, 2003, 11:25 PM
#5
Member
I am seeing some UDP connection requests on port 137 in my firewall logs but the majority are ICMP connection requests on port 2048 and there are a bunch. I believe the ICMP requests are coming from the Welchia worm.
ccKid
-
August 23rd, 2003, 01:24 AM
#6
“It’s unprecedented in our history. ... It’s a pretty frightening statistic. And the next incarnation could be even worse,” said MessageLabs chief information analyst Paul Wood.
I thought this would die off in a couple days; now MSN has labeled it the
"FASTEST E-MAIL OUTBREAK EVER"
It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.
Hit it!
-
August 23rd, 2003, 01:46 AM
#7
lJDLSAjdlhjsdhjadsfljadsflhehljkadsfhdsf454325532456325643254325443
-
August 23rd, 2003, 06:09 AM
#8
Junior Member
Hey this worm Sobiggggg is amazing i think we can use it to gain access to
the computer it has infected....
Well i think all of u should keep ur antenae up and listen to it...
I am in Love .... I Love you Min
Is there anybody who knows
whom do i LOVE
No nobody knows that
Its C C Computer...
-
August 23rd, 2003, 09:56 AM
#9
Junior Member
hello![/shadow] [blur]are there any one who can get me the whole code of the worm sobig.t@mm i want to make it sosobig[/blur]
[shadow]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|