RE: Important infor on Sobig.F

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 22 Aug 2003 09:58:11 -0700

Additional information from another e-mail admin list:

 

> 

> Computers infected with the Sobig.F worm are programmed

> to automatically download an executable of unknown function from a 

> hard-coded list of servers at 19:00 UTC (3:00pm EDT) X-Force is 

> recommending wholesale outbound filtering of the following IP 

> addresses:

> 

> 67.73.21.6

> 68.38.159.161

> 67.9.241.67

> 66.131.207.81

> 65.177.240.194

> 65.93.81.59

> 65.95.193.138

> 65.92.186.145

> 63.250.82.87

> 65.92.80.218

> 61.38.187.59

> 24.210.182.156

> 24.202.91.43

> 24.206.75.137

> 24.197.143.132

> 12.158.102.205

> 24.33.66.38

> 218.147.164.29

> 12.232.104.221

> 68.50.208.96

> 

> The request method uses UDP port 8998. X-Force also

> recommends that this port be filtered outbound.

> 

 

 

John Tolmachoff MCSE CSSA

Engineer/Consultant

eServices For You

www.eservicesforyou.com

 

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Friday, August 22, 2003 9:48 AM
To: [ExchangeList]
Subject: [exchangelist] Important infor on Sobig.F
Importance: High

 

http://www.MSExchange.org/

Please read this:

 

http://f-secure.com/news/items/news_2003082200.shtml

 

John Tolmachoff MCSE CSSA

Engineer/Consultant

eServices For You

www.eservicesforyou.com

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
johnlist@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts: