From: Aron Roberts (aron_at_socrates.berkeley.edu)
Date: Fri Aug 22 2003 - 15:25:33 PDT
At 14:33 -0700 2003-08-22, Shel Waggener wrote:
>This threat has been largely blocked by the removal of the download locations
>from the internet registry. However shutdown before weekend
>departure would be a prudent precaution.
As follow-on to Shel's message, a CNET news article, excerpted
below, discusses the current status of the Sobig.F virus's activities.
Aron Roberts
Workstation Software Support Group
-- Robert Lemos, CNET News.com "Race against Sobig reportedly successful" <http://news.com.com/2100-1009-5067311.html?tag=nl> August 22, 2003, 2:07 PM PT >The second stage of an attack by the Sobig.F computer virus fizzled >Friday when security researchers and network operators managed to >secure the 20 servers from which the virus was scheduled to download >new instructions. > >Security experts discovered Thursday that the tens of thousands of >PCs infected this week with the Sobig.F virus were scheduled to >contact 20 servers and to download additional software. ... > >However, security experts were able to locate the servers and warn >network operators of the danger. By the noon deadline, all the >servers had apparently been isolated from the Internet or secured in >some other way. ... > >Joe Stewart, senior security researcher for managed security service >company LURHQ ... warned, however, that one of the 20 compromised >machines may have been taken down by the person or group that >created Sobig.F to fool defenders. ... > >While Stewart's research indicated the 20 targeted servers were >unavailable Friday afternoon, antivirus firm Symantec said it >detected that a single server was directing compromised computers to >a porn site. However, the adult site apparently had no software for >the virus to download. > >"The adult Web site would not have posed any danger," said Steve >Trilling, senior director of research for the company. "The only net >impact would have been a denial of service on that site." ... > >Sobig.f, a mass-mailing computer virus that spreads to Microsoft >Windows computers through e-mail, attempts to connect to the >Internet between noon and 3 p.m. PDT on Fridays and Sundays until >Sept. 10, when it will delete itself. ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Fri Aug 22 2003 - 15:38:13 PDT