sobig effects - batten down the hatches

Alex Soares de Moura alex at rnp.br
Fri Aug 22 14:17:50 PDT 2003


Yes, we've applied ACLs to some destinations it was known to try
to access, and at the programmed time we started to get hits on the
ACLs:

    deny ip any host 67.73.21.6 log (558 matches)
    deny ip any host 68.38.159.161 log (470 matches)
    deny ip any host 67.9.241.67 log (593 matches)
    deny ip any host 66.131.207.81 log (460 matches)
    deny ip any host 65.177.240.194 log (623 matches)
    deny ip any host 65.93.81.59 log (441 matches)
    deny ip any host 65.95.193.138 log (622 matches)
    deny ip any host 65.92.186.145 log (478 matches)
    deny ip any host 63.250.82.87 log (644 matches)
    deny ip any host 65.92.80.218 log (459 matches)
    deny ip any host 61.38.187.59 log (621 matches)
    deny ip any host 24.210.182.156 log (498 matches)
    deny ip any host 24.202.91.43 log (630 matches)
    deny ip any host 24.206.75.137 log (490 matches)
    deny ip any host 24.197.143.132 log (664 matches)
    deny ip any host 12.158.102.205 log (488 matches)
    deny ip any host 24.33.66.38 log (685 matches)
    deny ip any host 218.147.164.29 log (475 matches)
    deny ip any host 12.232.104.221 log (646 matches)
    deny ip any host 68.50.208.96 log (519 matches)

Alex

----- Original Message ----- 
From: "Rowan Crowe" <rowan at sensation.net.au>
To: <freebsd-isp at freebsd.org>
Sent: Friday, August 22, 2003 6:11 PM
Subject: sobig effects - batten down the hatches


> Has anyone seen any effects of the "second phase" of sobig? According to
> the article, sobig infected computers should have started downloading and
> executing files en masse around 2 hours ago.
> 
> http://www.f-secure.com/news/items/news_2003082200.shtml
> 
> If it works it sounds like it's going to be incredibly ugly.
> 
> 
> --
> Rowan Crowe - Melbourne, Australia
> 


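An added example, not part of the original thread: the `log` keyword on each ACL entry above makes the router emit a per-flow log message, and those messages identify which internal hosts are producing the hits. The sketch below assumes Cisco IOS-style `%SEC-6-IPACCESSLOGP` syslog lines (the post shows only the counters, not the log format); the log lines, ACL number, ports, and internal addresses are constructed, and only the three destination addresses are taken from the ACL in the post.

```python
import re
from collections import defaultdict

# Subset of the blocked destinations listed in the post's ACL.
BLOCKED = {"67.73.21.6", "68.38.159.161", "24.33.66.38"}

# Assumed format: Cisco IOS-style ACL log message (not shown in the post).
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list \S+ denied (?P<proto>\w+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\(\d+\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\(\d+\), (?P<n>\d+) packets?"
)

# Constructed sample syslog lines; 10.1.x.x sources are hypothetical customers.
SAMPLE_LOG = """\
Aug 22 19:00:01 gw %SEC-6-IPACCESSLOGP: list 110 denied udp 10.1.4.23(4000) -> 67.73.21.6(4001), 1 packet
Aug 22 19:00:03 gw %SEC-6-IPACCESSLOGP: list 110 denied udp 10.1.4.23(4000) -> 24.33.66.38(4001), 1 packet
Aug 22 19:05:03 gw %SEC-6-IPACCESSLOGP: list 110 denied udp 10.1.4.23(4000) -> 67.73.21.6(4001), 7 packets
Aug 22 19:00:09 gw %SEC-6-IPACCESSLOGP: list 110 denied udp 10.1.9.77(4002) -> 68.38.159.161(4001), 1 packet
Aug 22 19:01:00 gw %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.1.2.5(3300) -> 192.0.2.10(25), 1 packet
Aug 22 19:01:02 gw %SYS-5-CONFIG_I: Configured from console
"""

def suspected_hosts(log_text, blocked=BLOCKED):
    """Map each source IP to its packet total and the blocked destinations it tried."""
    hits = defaultdict(lambda: {"packets": 0, "dests": set()})
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        # Skip unrelated messages and denies for destinations outside the list.
        if not m or m["dst"] not in blocked:
            continue
        hits[m["src"]]["packets"] += int(m["n"])  # IOS batches repeats as "N packets"
        hits[m["src"]]["dests"].add(m["dst"])
    return dict(hits)

def report(hits):
    """Rows of (source, packets, distinct blocked destinations), busiest first."""
    rows = [(src, v["packets"], len(v["dests"])) for src, v in hits.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for src, packets, ndest in report(suspected_hosts(SAMPLE_LOG)):
        print(f"{src:15} packets={packets:<5} blocked_dests={ndest}")
```

A source that tries several of the blocked destinations is a stronger infection candidate than one with a single stray hit, which is why the report keeps the distinct-destination count alongside the packet total.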