[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] news: sobig.f -- anything yet??

Subject: [ale] news: sobig.f -- anything yet??
From: Robert.L.Harris at rdlg.net (Robert L. Harris)
Date: Fri, 22 Aug 2003 16:30:02 -0400



A group I'm listening to of top end backbone, etc providers /dev/nulled
the routes to the machines in questions that couldn't be properly
secured.

The theory is that the 20 were machines that the virus writer had
previously compromised.  Probably didn't have time to make any more and
re-spread the worm.


Thus spake J.M. Taylor (jtaylor at onlinea.com):

> >From F-Secure:
> ------
> Update on 19:00 UTC
> 
> When deadline for the attack was passed, one machine was still (somewhat)
> up. However, immediatly after the deadline, this machine (located in the
> USA) was totally swamped under network traffic.
> 
> We've tried connecting to it, just like the virus does. We do this from
> three different sensors from three different machines in three different
> countries. We haven't been able to connect to it once. If we can't
> connect, neither can the viruses.
> 
> So the attack failed. Whoa.
> 
> We'll keep monitoring until 22:00 UTC. If we're not able to connect once,
> we can safely say that the attack was prevented.
> ------
> 
> I so don't believe that something this sophisticated just...fizzled
> quietly away. But...I certainly hope it did!  I'm a bit puzzled by only 20
> machines that were supposed to act as servers...from the major
> aggressiveness of this thing, you'd think that the best that could happen
> with zillions of infected PCs trying to hit 20 machines at once would be
> just a kind of lame ddos.
> 
> jenn
> 
> 
> 
> Nathan J. Underwood said:
> > Nothing yet, bugfixer and I were just discussing it on IRC.  Kinda
> > scary.
> >
> > Quoting "J.M. Taylor" <jtaylor at onlinea.com>:
> >
> >> Nothing on the news, nothing on F-Secure...it's distressingly quiet
> >> with potentially one 'master server' left running to deliver whatever
> >> it is that sobig wants...
> >>
> >> Anybody heard/seen anything?  I can't believe we're lucky enough for
> >> it to have crapped out at this stage...
> >>
> >> jenn
> >>
> >>
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://www.ale.org/mailman/listinfo/ale
> >>
> >
> >
> > --
> > Nathan J. Underwood
> > nathan at cybertechcafe.net
> > http://www.cybertechcafe.net
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> 
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | GPG Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

Life is not a destination, it's a journey.
  Microsoft produces 15 car pileups on the highway.
    Don't stop traffic to stand and gawk at the tragedy.

 PGP signature

Prev by Date: [ale] news: sobig.f -- anything yet??
Next by Date: [ale] news: sobig.f -- anything yet??
Previous by thread: [ale] news: sobig.f -- anything yet??
Next by thread: [ale] news: sobig.f -- anything yet??
Index(es):
- Date
- Thread