[ale] news: sobig.f -- anything yet??

Robert L. Harris Robert.L.Harris at rdlg.net
Fri Aug 22 16:30:02 EDT 2003




A group I'm listening to of top end backbone, etc. providers /dev/nulled
the routes to the machines in question that couldn't be properly
secured.

The theory is that the 20 were machines that the virus writer had
previously compromised.  Probably didn't have time to make any more and
re-spread the worm.


Thus spake J.M. Taylor (jtaylor at onlinea.com):

> From F-Secure:
> ------
> Update on 19:00 UTC
> 
> When deadline for the attack was passed, one machine was still (somewhat)
> up. However, immediately after the deadline, this machine (located in the
> USA) was totally swamped under network traffic.
> 
> We've tried connecting to it, just like the virus does. We do this from
> three different sensors from three different machines in three different
> countries. We haven't been able to connect to it once. If we can't
> connect, neither can the viruses.
> 
> So the attack failed. Whoa.
> 
> We'll keep monitoring until 22:00 UTC. If we're not able to connect once,
> we can safely say that the attack was prevented.
> ------
> 
> I so don't believe that something this sophisticated just...fizzled
> quietly away. But...I certainly hope it did!  I'm a bit puzzled by only 20
> machines that were supposed to act as servers...from the major
> aggressiveness of this thing, you'd think that the best that could happen
> with zillions of infected PCs trying to hit 20 machines at once would be
> just a kind of lame ddos.
> 
> jenn
> 
> 
> 
> Nathan J. Underwood said:
> > Nothing yet, bugfixer and I were just discussing it on IRC.  Kinda
> > scary.
> >
> > Quoting "J.M. Taylor" <jtaylor at onlinea.com>:
> >
> >> Nothing on the news, nothing on F-Secure...it's distressingly quiet
> >> with potentially one 'master server' left running to deliver whatever
> >> it is that sobig wants...
> >>
> >> Anybody heard/seen anything?  I can't believe we're lucky enough for
> >> it to have crapped out at this stage...
> >>
> >> jenn
> >>
> >>
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://www.ale.org/mailman/listinfo/ale
> >>
> >
> >
> > --
> > Nathan J. Underwood
> > nathan at cybertechcafe.net
> > http://www.cybertechcafe.net

:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | GPG Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

Life is not a destination, it's a journey.
  Microsoft produces 15 car pileups on the highway.
    Don't stop traffic to stand and gawk at the tragedy.
