[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] news: sobig.f -- anything yet??

Subject: [ale] news: sobig.f -- anything yet??
From: jonathan at xcorps.net (Jonathan Rickman)
Date: Fri, 22 Aug 2003 16:38:28 -0400

On Friday 22 August 2003 16:30, Robert L. Harris wrote:
> A group I'm listening to of top end backbone, etc providers /dev/nulled
> the routes to the machines in questions that couldn't be properly
> secured.
>
> The theory is that the 20 were machines that the virus writer had
> previously compromised.  Probably didn't have time to make any more and
> re-spread the worm.

Yes, but the 20 machines only hosted a list of URLs to download the real 
binary from. The machines hosting that binary are as yet unknown due to the 
DoS effects the infected machines had on the one system available out of 
the original 20. We're not out of the woods yet...

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

Prev by Date: [ale] news: sobig.f -- anything yet??
Next by Date: [ale] news: sobig.f -- anything yet??
Previous by thread: [ale] news: sobig.f -- anything yet??
Next by thread: [ale] news: sobig.f -- anything yet??
Index(es):
- Date
- Thread