On Friday 22 August 2003 03:19 pm, Florian Weimer wrote: > 18 of 20 addresses where known to the AV community since Tuesday. I > don't know what F-Secure is doing here. > > Why don't they publish the list of IP addresses so that people can put > filters on their networks?
67.73.21.6 68.38.159.161 67.9.241.67 66.131.207.81 65.177.240.194 65.93.81.59 65.95.193.138 65.92.186.145 63.250.82.87 65.92.80.218 61.38.187.59 24.210.182.156 24.202.91.43 24.206.75.137 24.197.143.132 12.158.102.205 24.33.66.38 218.147.164.29 12.232.104.221 68.50.208.96 alert udp $HOME_NET any -> $EXTERNAL_NET 8998 (msg:"Sobig Trojan Site Download Request"; content:"|5c bf 01 29 ca 62 eb f1|"; dsize:8; reference:url,www.lurhq.com/sobig-e.html; classtype:trojan-activity; sid:1000021; rev:1;) -Joe -- Joe Stewart, GCIH Senior Security Researcher LURHQ Corporation http://www.lurhq.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
