On Fri, 2003-08-22 at 21:33, Compton, Rich wrote:
> As many of you know, the latest Sobig.F virus was scheduled to begin
> downloading unknown code from various IPs at 3:00 EST today on UDP port
> 8998. Does anybody have any idea what this code is? Are the infected boxes
> actually downloading code? Does anybody have an infected Windoze box with
> Sobig that can see what code was downloaded?

While this is 2nd hand I have now heard about the same effect on 2
different unrelated machines via friends on quakenet (irc)

<Mikeh> email from a m8
<Mikeh> got a bit of a prob
<Mikeh> with me pc, when i go online, after about a minute i get a message saying
<Mikeh> "system is shutting down please save all work inj progress and log off,
<Mikeh> system shut down was initiated by NT Authority/system.

This could be something totally unrelated but the fact I have now heard
about it from 2 people since last night of whom 1 was definitely
infected with Sobig.F I think there is code out there.

Putting this together with the comments made on the list about traffic
on udp port 8998 to a different set of ips from some of the Sobig.F
infected hosts leads me to suggest that there is "something" going on
but as to what I have very little idea as my only windows machine is for
playing games on and so sees no email or direct net traffic.

-- 
   Tim Fletcher                .~.
tim@night-shade.org.uk         /V\      L   I   N   U   X
                              // \\  >Don't fear the penguin<
irc: Night-Shade on Quakenet /(   )\
                              ^^-^^
Do not meddle in the affairs of dragons, for you are crunchy and taste
good with ketchup.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Sat Aug 23 2003 - 11:18:59 PDT