[ale] news: sobig.f -- anything yet??
Jonathan Rickman
jonathan at xcorps.net
Fri Aug 22 16:38:28 EDT 2003
On Friday 22 August 2003 16:30, Robert L. Harris wrote:
> A group I'm listening to of top end backbone, etc providers /dev/nulled
> the routes to the machines in questions that couldn't be properly
> secured.
>
> The theory is that the 20 were machines that the virus writer had
> previously compromised. Probably didn't have time to make any more and
> re-spread the worm.
Yes, but the 20 machines only hosted a list of URLs to download the real
binary from. The machines hosting that binary are as yet unknown due to the
DoS effects the infected machines had on the one system available out of
the original 20. We're not out of the woods yet...
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list