On Sat, 2003-08-23 at 18:55, Tim Fletcher wrote:
> On Fri, 2003-08-22 at 21:33, Compton, Rich wrote:
> > As many of you know, the latest Sobig.F virus was scheduled to begin
> > downloading unknown code from various IPs at 3:00 EST today on UDP port
> > 8998. Does anybody have any idea what this code is? Are the infected boxes
> > actually downloading code? Does anybody have an infected Windoze box with
> > Sobig that can see what code was downloaded?
>
> While this is 2nd hand I have now heard about the same effect on 2
> different unrelated machines via friends on quakenet (irc)
>
> <Mikeh> email from a m8
> <Mikeh> got a bit of a prob
> <Mikeh> with me pc, when i go online, after about a minute i get a
> message saying
> <Mikeh> "system is shutting down please save all work inj progress and
> log off,
> <Mikeh> system shut down was initiated by NT Authority/system.
>
> This could be something totally unrelated but the fact I have now heard
> about it from 2 people since last night of whom 1 was definitely
> infected with Sobig.F I think there is code out there.
>
> Putting this together with the comments made on the list about traffic
> on udp port 8998 to a different set of ips from some of the Sobig.F
> infected hosts leads me to suggest that there is "something" going on
> but as to what I have very little idea as my only windows machine is for
> playing games on and so sees no email or direct net traffic.

I appear to be putting 2 and 2 together and getting 5 1/2 it's now less
clear (at least to me) if this is MSBlaster or Sobig.F

Sorry for the additional noise

--
Tim Fletcher                     .~.
tim@night-shade.org.uk           /V\      L I N U X
                                // \\  >Don't fear the penguin<
irc: Night-Shade on Quakenet    /( )\
                                 ^^-^^

Justice is incidental to law and order.
    -- J. Edgar Hoover

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Sat Aug 23 2003 - 11:50:22 PDT