[ISN] Update on Sobig stage 2

From: InfoSec News (isnat_private)
Date: Mon Aug 25 2003 - 00:37:58 PDT


    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    
    About 4 hours before it was due to trigger, F-Secure found an
    encrypted section of code in the Sobig virus that indicated an
    unsuspected payload.  At 1900H UTC (noon, PDT) on Friday, infected
    computers would try to connect to a number of servers, download a
    program, and run it.
    
    Within that four-hour period, F-Secure, possibly with the assistance
    of other institutions, was able to contact the ISPs for these
    machines, and have them all shut down.  (One remains up.  Presumably
    it has been turned into a honeypot, a form of trap for the people who
    intended to use it for the attack.)
    
    At this time, we do not know what the intention of the so-called
    "Stage 2" payload was, but the plan shows evidence of very careful
    planning, and, given the extreme number of Sobig infections, it could
    have been very serious.
    
    http://www.f-secure.com/news/items/news_2003082200.shtml
    http://www.f-secure.com/v-descs/sobig_f.shtml
    
    ======================  (quote inserted randomly by Pegasus Mailer)
    rsladeat_private      sladeat_private      rsladeat_private
           Madness takes its toll.  Please have exact change ready.
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    


