[Exim] Re: OT but could be useful to some mailadmins ...

Author: Graham Hillstomer
Date:  
To: Tony Earnshaw
CC: postfix-users, exim-users
Subject: [Exim] Re: OT but could be useful to some mailadmins ...
Here is yesterday's news from Vexira. This is old news. :-)



http://www.centralcommand.com/21082003.html



Sobig.F will try to connect to these IPs to update itself.






Graham





>... considering the general furore w.r.t. SobigF.
>
>I'm sure Sophos (forgive me for any perceived partiality) would forgive
>me for the following extract from the generally available Sophos Alert
>System e-mail notification.
>
>I know that many of you will know this already (it's even been published
>on Norwegian sites, so it /has to be/ current) but nevertheless:
>____________________________________________________________________
>
>Sophos researchers have published information on a second
>wave attack which the Sobig-F worm may attempt to make
>in the coming hours.
>
>On infected PCs, Sobig-F will attempt to download code from
>the internet and then run it on the computer. This occurs
>on Fridays and Sundays at 19:00-22:00 GMT. This equates
>to the following times in different parts of the world:
>
>Los Angeles    12 noon -  3:00pm
>      Boston    3:00pm  -  6:00pm
>      London    8:00pm  - 11:00pm
>      Berlin    9:00pm  - 12:00 midnight
>   Hong Kong    3:00am  -  6:00am (Saturday and Monday)
>       Tokyo    4:00am  -  7:00am (Saturday and Monday)
>      Sydney    5:00am  -  8:00am (Saturday and Monday)
>
>(Note that because of time differences, the attempt
>to download code will happen on Saturdays and Mondays
>in the Far East and Australasia).
>
>The worm has been programmed to automatically direct infected
>PCs to a server controlled by the virus writer from which a
>malicious program could be downloaded. At the moment, it is
>not known what the download material will do, but
>possibilities include launching another virus or spam
>attack, collecting sensitive information, or deleting
>files stored on an infected computer or network.
>
>More details on how to prevent the download happening on
>your computers, and information on how to clean-up
>a Sobig infection, are available at the following urls:
>
> http://www.sophos.com/virusinfo/analyses/w32sobigf.html
> http://www.sophos.com/sobig
> http://www.sophos.com/virusinfo/articles/sobigextra.html
>
>___________________________________________________________
>
>Tony
>
>--
>Tony Earnshaw
>
>Looking backwards is always easy with hindsight
>
>http://www.billy.demon.nl
>Mail: tonni@???







--
---

Graham Hillstomer II

Senior System Admin *BSD, HP-UX, Solaris

Quality of Service Response Team

Antivirus Solution Manager / SPAM Control Team Assistant

ghillstomer@???

