[ale] sobig.f -- anything yet??
tfreeman at intel.digichem.net
Fri Aug 22 16:21:05 EDT 2003
I wonder. Could it be that sobig.f was more a probe of the anti-virus
community's abilities to crack the encryption inside the worm than to
_actually_ do something with the worm? Knowing now something of the speed
of response, the authors/perps of this can modify their tactics, perhaps
giving 20 IP ranges to examine to the next bit of code next time.
Just a thought.
On Fri, 22 Aug 2003, Brian J. Dowd wrote:
> If it's just one master server left available now, then that would mean
> it, alone, must address a "start"
> message to all of the known "slaves" which have previously been
> compromised by SoBig.F.
>
> They will probably be told the target IP address and the DOS attack time
> in a *subsequent* message.
> It could be a while yet before we know what they were told to do and how
> many of them can do it.
>
> -Brian
>
> >Nothing on the news, nothing on F-Secure...it's distressingly quiet with
> >potentially one 'master server' left running to deliver whatever it is
> >that sobig wants...
> >
> >Anybody heard/seen anything? I can't believe we're lucky enough for it to
> >have crapped out at this stage...
> >
> >jenn
> >
> >
> >_______________________________________________
> >Ale mailing list
> >Ale at ale.org
> >http://www.ale.org/mailman/listinfo/ale
> >
> >
> >
>
>
>
--
=============================================
If you think Education is expensive
Try Ignorance
Author Unknown
============================================