[ale] news: sobig.f -- anything yet??
Robert L. Harris
Robert.L.Harris at rdlg.net
Fri Aug 22 16:44:31 EDT 2003
Nope, but if we can keep them from getting the list, that's a start. If
the author rushes out a new virus they may screw up and make a mistake.
Tack on that now we know the 20 machines, the authorities can likely
secure one and disassemble it.
Thus spake Jonathan Rickman (jonathan at xcorps.net):
> On Friday 22 August 2003 16:30, Robert L. Harris wrote:
> > A group I'm listening to of top end backbone, etc. providers /dev/nulled
> > the routes to the machines in question that couldn't be properly
> > secured.
> >
> > The theory is that the 20 were machines that the virus writer had
> > previously compromised. Probably didn't have time to make any more and
> > re-spread the worm.
>
> Yes, but the 20 machines only hosted a list of URLs to download the real
> binary from. The machines hosting that binary are as yet unknown due to the
> DoS effects the infected machines had on the one system available out of
> the original 20. We're not out of the woods yet...
>
> --
> Jonathan Rickman
> X Corps Security
> http://www.xcorps.net
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
:wq!
---------------------------------------------------------------------------
Robert L. Harris | GPG Key ID: E344DA3B
@ x-hkp://pgp.mit.edu
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
Life is not a destination, it's a journey.
Microsoft produces 15 car pileups on the highway.
Don't stop traffic to stand and gawk at the tragedy.