Brace yourselves.. W32/Sobig-F about to mutate...
Stephen J. Wilcox
steve at telecomplete.co.uk
Fri Aug 22 18:14:36 UTC 2003
On Fri, 22 Aug 2003 Valdis.Kletnieks at vt.edu wrote:
> A quick heads up, if anybody hasn't heard:
>
> At 1900GMT today, ET phones home, and picks up the next payload of
> instructions. Nobody knows (yet) what they'll be, but SoBig-E erased itself,
> put in a password grabber, and then installed a mail proxy for spammer use.
"On this moment, the worm starts to connect to machines found from an encrypted
list hidden in the virus body. The list contains the address of 20 computers
located in USA, Canada and South Korea."
erm so why dont we just block (preferably bgp null route) these sites?
More information about the NANOG
mailing list