Sobig.F more dangerous than thought

  1. #1
    Join Date
    Apr 2002
    Location
    Norfolk VA
    Posts
    585

    Sobig.F more dangerous than thought

    Apparently anti-virus software company F-Secure decrypted the worm's attack instructions. Quoted from an email I received from WatchGuard Security Alert:

    "Sobig.F contains a list of 20 IP addresses which belong to different personal computers around the world, all apparently having broadband connections. Sobig.F infected machines have silently synchronized their clocks with the atomic clock (also known as the Universal Time Clock, or UTC). In a massive synchronized attack scheduled for today at 19:00:00 UTC (12:00 PST), the hundreds of thousands of Sobig.F infected machines around the world will authenticate to the 20 IP addresses hidden in the worm's code, download, and execute an unknown mystery program.

    Given that Sobig's author has carefully issued, improved, and re-issued the worm six times since January, we take that to mean the mystery program will be more deadly than typical script-kiddie fare. However, note that that is our speculation; it is possible that the code could turn out to be a mild prank that simply displays some ego-driven, hacker message on an infected machine's screen. ......
    Anti-virus researchers cannot learn what the malicious code will do because it has not been placed on the 20 servers yet for download. They assume the author will upload the code seconds before the massive attack is scheduled to start.

    As we wrote this, Reuters reported that law enforcement authorities have shut down 12 of the 20 IP addresses from which Sobig.F will download its attack. However, because the 20 addresses are scattered around the world, it's unlikely that all will be caught before this attack takes place. Some version of Sobig.F's mystery attack will occur."
    Latest Toy: Toshiba M400 Tablet PC, 2.0 Duo, 1024MB 80GB
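
Added example (not part of the original thread or the WatchGuard alert): one way a defender could use the decrypted server list described in post #1 to find infected machines in firewall egress logs. The server addresses are RFC 5737 placeholders, and the log format, internal range, date and function names are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Placeholders (RFC 5737) standing in for the 20 hard-coded servers;
# the real addresses are not listed in this thread.
MASTER_SERVERS = {"203.0.113.7", "198.51.100.23"}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
# 19:00:00 UTC is the time quoted in the alert; the date is constructed.
TRIGGER = datetime(2003, 8, 22, 19, 0, 0, tzinfo=timezone.utc)

SAMPLE_LOG = [  # constructed firewall lines, not real traffic
    "2003-08-22T18:59:58Z src=10.1.4.22 dst=203.0.113.7 action=allow",
    "2003-08-22T19:00:01Z src=10.1.4.22 dst=198.51.100.23 action=deny",
    "2003-08-22T19:00:02Z src=10.1.9.80 dst=192.0.2.55 action=allow",
    "2003-08-22T14:12:40Z src=10.1.7.3 dst=203.0.113.7 action=deny",
    "garbage line",
]

def parse_line(line):
    """Return (timestamp, src, dst), or None if the line is malformed."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        fields = dict(p.split("=", 1) for p in parts[1:])
        src = ipaddress.ip_address(fields["src"])
        dst = ipaddress.ip_address(fields["dst"])
    except (ValueError, KeyError):
        return None
    return ts.replace(tzinfo=timezone.utc), src, dst

def suspected_hosts(lines, servers=MASTER_SERVERS, trigger=TRIGGER,
                    window=timedelta(minutes=5)):
    """Map each internal host that tried a listed server to its hit count
    and whether any attempt fell inside the trigger window."""
    servers = {ipaddress.ip_address(s) for s in servers}
    report = {}
    for rec in filter(None, map(parse_line, lines)):
        ts, src, dst = rec
        if src not in INTERNAL or dst not in servers:
            continue
        # Denied attempts count too: a blocked host is still infected.
        entry = report.setdefault(str(src), {"hits": 0, "at_trigger": False})
        entry["hits"] += 1
        entry["at_trigger"] = entry["at_trigger"] or abs(ts - trigger) <= window
    return report

if __name__ == "__main__":
    for host, info in sorted(suspected_hosts(SAMPLE_LOG).items()):
        print(host, info)
```

Hosts flagged with `at_trigger` set contacted a listed server at the synchronized time; hosts flagged without it reached for the list at some other point and still warrant cleanup.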

  2. #2
    Join Date
    Aug 1999
    Posts
    1,029
    Where are the sources on this "Mystery" program that is scheduled to run on a given day?

    I have been receiving emails, but my NAV has been deleting them on sight, because of the SO BIG worm.

    Kinda getting irritating though

  3. #3
    Join Date
    Feb 2003
    Location
    Minneapolis, MN USA
    Posts
    3,733
    Here's PCWorld's story about this.

    http://www.pcworld.com/news/article/...082203X,00.asp

  4. #4
    Join Date
    Sep 1999
    Location
    USA
    Posts
    2,046

    Re: Sobig.F more dangerous than thought

    PC World's followup article. Apparently they were able to shut all 20 servers down before the deadline.

    http://www.pcworld.com/news/article/0,aid,112136,00.asp

    Now this is just..

    http://www.theledger.com/apps/pbcs.d.../1001/BUSINESS

    They're closing in on whoever did it, which apparently started with EasyNews in Arizona. Hopefully they'll catch him soon.

    http://biz.yahoo.com/prnews/030822/laf072_1.html
    The only secure computer system in the world is unplugged, locked in a vault at the bottom of the ocean and only one person knows the location and combination of that vault. And he is dead. --Bruce Schneier, Applied Cryptography
