> > Computers infected with the Sobig.F worm are programmed > to automatically download an executable of unknown function > from a hard-coded list of servers at 19:00 UTC (3:00pm EDT) > X-Force is recommending wholesale outbound filtering of > the following IP addresses: >
Anyone else have thoughts on this?:) Jim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of GPF Sent: Friday, August 22, 2003 11:38 AM To: [EMAIL PROTECTED] Subject: [IMail Forum] OT: ISS Security Brief: Sobig.F Second Phase Action > > Computers infected with the Sobig.F worm are programmed > to automatically download an executable of unknown function > from a hard-coded list of servers at 19:00 UTC (3:00pm EDT) > X-Force is recommending wholesale outbound filtering of > the following IP addresses: > > 67.73.21.6 > 68.38.159.161 > 67.9.241.67 > 66.131.207.81 > 65.177.240.194 > 65.93.81.59 > 65.95.193.138 > 65.92.186.145 > 63.250.82.87 > 65.92.80.218 > 61.38.187.59 > 24.210.182.156 > 24.202.91.43 > 24.206.75.137 > 24.197.143.132 > 12.158.102.205 > 24.33.66.38 > 218.147.164.29 > 12.232.104.221 > 68.50.208.96 > > The request method uses UDP port 8998. X-Force also > recommends that this port be filtered outbound. > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
