I believe it makes use of ntp for the date sensitive stuff... -KF
Dan Stromberg wrote:
What if someone cranks a clock forward and sees what the program does?
Not having any windows systems at all, I'm in a poor position to try this. :)
On Fri, 2003-08-22 at 13:33, Compton, Rich wrote:
As many of you know, the latest Sobig.F virus was scheduled to begin downloading unknown code from various IPs at 3:00 EST today on UDP port 8998. Does anybody have any idea what this code is? Are the infected boxes actually downloading code? Does anybody have an infected Windoze box with Sobig that can see what code was downloaded?
Here's a link to some info at Sophos in case you are unfamiliar with this.
http://www.sophos.com/virusinfo/articles/sobigextra.html
Looking at the infection rates of this virus, I'd say that it's pretty important that we find out what this code is and what it does ASAP!
Thanks,
Rich Compton
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
