Results 1 to 9 of 9

Thread: Here's the new ifo for Sobig.F, The Sequel

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    Here's the new info for Sobig.F, The Sequel

    Sophos experts have advised network and system administrators that they can take immediate action to prevent the W32/Sobig-F worm from downloading a potentially malicious update from the internet.

    The worm contains a list of encrypted IP addresses inside its code, which the Sobig-F infected computers use to signal their availabilty for an update. Infected computers will communicate with the IP addresses on UDP port 8998. They will also be listening on UDP ports 995-999 - perhaps in readiness for the updates to arrive.
    The list ip IP's is here
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #2
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Anyone experiencing any traffic from this worm? I am wondering if it will even work since there will be so many computers trying to contact those 20 ip addresses.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  3. #3
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Another Link.. Yes, It's SO BIG!

    http://zdnet.com.com/2100-1105_2-5067078.html
    -Simon \"SDK\"

  4. #4
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    lol....if they took greater care, they could have used more than 20 IP's, it wouldn't have been difficult at all.
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  5. #5
    I am seeing some UDP connection requests on port 137 in my firewall logs but the majority are ICMP connection requests on port 2048 and there are a bunch. I believe the ICMP requests are coming from the Welchia worm.


    ccKid

  6. #6
    Senior Member
    Join Date
    Aug 2002
    Posts
    239
    “It’s unprecedented in our history. ... It’s a pretty frightening statistic. And the next incarnation could be even worse,” said MessageLabs chief information analyst Paul Wood.


    I thought this would die off in a couple days; now MSN has labeled it the
    "FASTEST E-MAIL OUTBREAK EVER"

    It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.

    Hit it!

  7. #7
    Banned
    Join Date
    Mar 2002
    Posts
    594
    lJDLSAjdlhjsdhjadsfljadsflhehljkadsfhdsf454325532456325643254325443

  8. #8
    Junior Member
    Join Date
    Apr 2003
    Posts
    2
    Hey this worm Sobiggggg is amazing i think we can use it to gain access to
    the computer it has infected....
    Well i think all of u should keep ur antenae up and listen to it...
    I am in Love .... I Love you Min
    Is there anybody who knows
    whom do i LOVE
    No nobody knows that
    Its C C Computer...

  9. #9
    Junior Member
    Join Date
    Aug 2003
    Posts
    4
    hello![/shadow] [blur]are there any one who can get me the whole code of the worm sobig.t@mm i want to make it sosobig[/blur]
    [shadow]
    :-P

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •