RE: Important info on Sobig.F

• From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 22 Aug 2003 09:56:06 -0700

Additional information:

> 
> Computers infected with the Sobig.F worm are programmed
> to automatically download an executable of unknown function from a 
> hard-coded list of servers at 19:00 UTC (3:00pm EDT) X-Force is 
> recommending wholesale outbound filtering of the following IP 
> addresses:
> 
> 67.73.21.6
> 68.38.159.161
> 67.9.241.67
> 66.131.207.81
> 65.177.240.194
> 65.93.81.59
> 65.95.193.138
> 65.92.186.145
> 63.250.82.87
> 65.92.80.218
> 61.38.187.59
> 24.210.182.156
> 24.202.91.43
> 24.206.75.137
> 24.197.143.132
> 12.158.102.205
> 24.33.66.38
> 218.147.164.29
> 12.232.104.221
> 68.50.208.96
> 
> The request method uses UDP port 8998. X-Force also
> recommends that this port be filtered outbound.
>

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com


> -----Original Message-----
> From: John Tolmachoff [mailto:john@xxxxxxxxxxxxxxxxxxx]
> Sent: Friday, August 22, 2003 9:46 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Important info on Sobig.F
> Importance: High
> 
> http://www.ISAserver.org
> 
> 
> Please read this:
> 
> http://f-secure.com/news/items/news_2003082200.shtml
> 
> John Tolmachoff MCSE CSSA
> Engineer/Consultant
> eServices For You
> www.eservicesforyou.com
> 
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Important info on Sobig.F
• » Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F
• » RE: Important info on Sobig.F

1. Home
2. isalist
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---