Additional information: > > Computers infected with the Sobig.F worm are programmed > to automatically download an executable of unknown function from a > hard-coded list of servers at 19:00 UTC (3:00pm EDT) X-Force is > recommending wholesale outbound filtering of the following IP > addresses: > > 67.73.21.6 > 68.38.159.161 > 67.9.241.67 > 66.131.207.81 > 65.177.240.194 > 65.93.81.59 > 65.95.193.138 > 65.92.186.145 > 63.250.82.87 > 65.92.80.218 > 61.38.187.59 > 24.210.182.156 > 24.202.91.43 > 24.206.75.137 > 24.197.143.132 > 12.158.102.205 > 24.33.66.38 > 218.147.164.29 > 12.232.104.221 > 68.50.208.96 > > The request method uses UDP port 8998. X-Force also > recommends that this port be filtered outbound. > John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -----Original Message----- > From: John Tolmachoff [mailto:john@xxxxxxxxxxxxxxxxxxx] > Sent: Friday, August 22, 2003 9:46 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Important info on Sobig.F > Importance: High > > http://www.ISAserver.org > > > Please read this: > > http://f-secure.com/news/items/news_2003082200.shtml > > John Tolmachoff MCSE CSSA > Engineer/Consultant > eServices For You > www.eservicesforyou.com > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')