Sobig.f surprise attack today

steve uurtamo uurtamo at arttoday.com
Fri Aug 22 18:58:44 UTC 2003



>>OK... Maybe I'm smoking crack here, but, if they have the list of 20 
>>machines, wouldn't it make more sense to replace them with honey-pots that download
>>code to remove SOBIG instead of just disabling them?
>>    
>>
>
>Only if we make assumptions that what they state is 100% fact and the whole truth of the matter. They know of 20, but who is to say a variant in the wild doesn't know of 20 more? Or 100 more? Too late anyway. My other list subscriptions show it active now ...
>

symantec sez that it listens for properly-signed announcements
about new and improved servers from which to receive said payload.
so it can change the source list at any time.

s.





More information about the NANOG mailing list