Sobig.f surprise attack today

• Previous message (by thread): Sobig.f surprise attack today
• Next message (by thread): Sobig.f surprise attack today
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 22 Aug 2003, Andrew Kerr wrote:

> Its been posted here, and f-secure has it, but I wrote a quick script to
> keep an eye on the 20 servers and dump the output to a simple page:
>
> http://207.195.54.37/sobig.html
>
> (Updates about every 5 mins)

You're probing the list of NTP servers the worm uses to get the date, not
the list of hosts to which it "phones home".

-- 
Jay Hennigan - CCIE #7880 - Network Administration - jay at west.net
WestNet:  Connecting you to the planet.  805 884-6323      WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/

• Previous message (by thread): Sobig.f surprise attack today
• Next message (by thread): Sobig.f surprise attack today
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]