Results 1 to 4 of 4

Thread: Sobig Phase 2 ?

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

August 23rd, 2003, 04:06 PM #4
da'dodo

View Profile

View Forum Posts

Visit Homepage
Member

Join Date

Sep 2002

Posts

77
The idea with phase two was that the virus uploaded a key to one of the twenty servers. This then replied with the real address of the phase two virus (in the form of a URL). However, until the download time (8pm GMT) these 20 servers had the wrong URL (purposefully). This meant that the 'real' virus couldn't be found and analysed before it was downloaded and run.

The list of the 20 URL servers were stored in the program in an encrypted list, to slow/stop the authorities from shutting them down. However this was decrypted and the list of the 20 URL servers can be found here .

\"Death is more universal than life; everyone dies but not everyone lives.\"
A. Sachs
Reply With Quote

Quick Navigation Web Security Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: Sobig Phase 2 ?

Thread Tools

Display

Threaded View

Posting Permissions