Here is yesterday's news from Vexira. This is old news. :-)
http://www.centralcommand.com/21082003.html
Sobig.F will try to connect to these IP to update itself.
67.73.21.6
68.38.159.161
67.9.241.67
66.131.207.81
65.177.240.194
65.93.81.59
65.95.193.138
65.92.186.145
63.250.82.87
65.92.80.218
61.38.187.59
24.210.182.156
24.202.91.43
24.206.75.137
24.197.143.132
12.158.102.205
24.33.66.38
218.147.164.29
12.232.104.221
68.50.208.96
Graham
>... considering the general furore w.r.t. SobigF.
>
>I'm sure Sophos (forgive me for any perceived partiality) would for give
>me for the following extract from the generally available Sophos Alert
>System e-mail notification.
>
>I know that many of you will know this already (it's even been published
>on Norwegian sites, so it /has to be/ be current) but nevertheless:
>____________________________________________________________________
>
>Sophos researchers have published information on a second
>wave attack which the Sobig-F worm may attempt to make
>in the coming hours.
>
>On infected PCs, Sobig-F will attempt to download code from
>the internet and then run it on the computer. This occurs
>on Fridays and Sundays at 19:00-22:00 GMT. This equates
>to the following times in different parts of the world:
>
>Los Angeles 12 noon - 3:00pm
> Boston 3:00pm - 6:00pm
> London 8:00pm - 11:00pm
> Berlin 9:00pm - 12:00 midnight
> Hong Kong 3:00am - 6:00am (Saturday and Monday)
> Tokyo 4:00am - 7:00am (Saturday and Monday)
> Sydney 5:00am - 8:00am (Saturday and Monday)
>
>(Note that because of time differences, the attempt
>to download code will happen on Saturdays and Mondays
>in the Far East and Australasia).
>
>The worm has been programmed to automatically direct infected
>PCs to a server controlled by the virus writer from which a
>malicious program could be downloaded. At the moment, it is
>not known what the download material will do, but
>possibilities include launching another virus or spam
>attack, collecting sensitive information, or deleting
>files stored on an infected computer or network.
>
>More details on how to prevent the download happening on
>your computers, and information on how to clean-up
>a Sobig infection, are available at the following urls:
>
> http://www.sophos.com/virusinfo/analyses/w32sobigf.html
> http://www.sophos.com/sobig
> http://www.sophos.com/virusinfo/articles/sobigextra.html
>
>___________________________________________________________
>
>Tony
>
>--
>Tony Earnshaw
>
>Looking backwards is always easy with hindsight
>
>http://www.billy.demon.nl
>Mail: tonni@???
>
>
--
---
Graham Hillstomer II
Senior System Admin *BSD, HP-UX, Solaris
Quality of Service Response Team
Antivirus Solution Manager / SPAM Control Team Assistant
ghillstomer@???
___________________________________________________
What type of toy animal was "wheezy" in the film "Toy Story 2"?
Find out at postmaster.co.uk
http://www.postmaster.co.uk/cgi-bin/meme/quiz.pl?id=278
