Here's the new ifo for Sobig.F, The Sequel

Quote:

---

Sophos experts have advised network and system administrators that they can take immediate action to prevent the W32/Sobig-F worm from downloading a potentially malicious update from the internet.

The worm contains a list of encrypted IP addresses inside its code, which the Sobig-F infected computers use to signal their availabilty for an update. Infected computers will communicate with the IP addresses on UDP port 8998. They will also be listening on UDP ports 995-999 - perhaps in readiness for the updates to arrive.

---

The list ip IP's is here

Anyone experiencing any traffic from this worm? I am wondering if it will even work since there will be so many computers trying to contact those 20 ip addresses.

Another Link.. Yes, It's SO BIG! ;)

http://zdnet.com.com/2100-1105_2-5067078.html

lol....if they took greater care, they could have used more than 20 IP's, it wouldn't have been difficult at all.

I am seeing some UDP connection requests on port 137 in my firewall logs but the majority are ICMP connection requests on port 2048 and there are a bunch. I believe the ICMP requests are coming from the Welchia worm.

::coffee::
ccKid

Quote:

---

“It’s unprecedented in our history. ... It’s a pretty frightening statistic. And the next incarnation could be even worse,” said MessageLabs chief information analyst Paul Wood.

---

I thought this would die off in a couple days; now MSN has labeled it the
"FASTEST E-MAIL OUTBREAK EVER"

:(

lJDLSAjdlhjsdhjadsfljadsflhehljkadsfhdsf454325532456325643254325443

Hey this worm Sobiggggg is amazing i think we can use it to gain access to
the computer it has infected....
Well i think all of u should keep ur antenae up and listen to it...
I am in Love .... I Love you Min

hello![/shadow] [blur]are there any one who can get me the whole code of the worm sobig.t@mm i want to make it sosobig[/blur]
::hide-beh [shadow]