From the F-Secure article:

F-Secure has been able to break into this system and crack the encryption, but currently the web address sent by the servers doesn't go anywhere. "The developers of the virus know that we could download the program beforehand, analyse it and come up with countermeasures", says Hypponen. "So apparently their plan is to change the web address to point to the correct address or addresses just seconds before the deadline. By the time we get a copy of the file, the infected computers have already downloaded and run it".
- Matt

Matthew Bailey
LAN Engineer
CSK Auto, Inc.
Voice: 602.631.7486
Fax: 602.294.7486

-----Original Message-----
From: Mellott, Bill [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 11:50 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Ok so I've got this Q...some of the article says about it downloading this Trojan from some server "out there" OK so..like does this then mean..that somebody has decompiled this puppy and found this out.... OK wouldn't they have found out where this "server" out there is? domain name? ip? something?

just Q
bill

-----Original Message-----
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Here is some more info on it. Should be an interesting afternoon.

http://www.theregister.co.uk/content/56/32475.html

http://story.news.yahoo.com/news?tmpl=story&ncid=1211&e=1&u=/nm/20030822/tc_nm/tech_internet_virus_dc&sid=95573372

-----Original Message-----
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert

FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]

