On Fri, 2003-08-22 at 14:20, HaywireMac wrote:
> I don't know if anyone else is noticing this, but this list is giving me
> headaches, and I want to know if the problem is on my end or not.
> 
> 1. It is taking eons for my posts to reach the list.
> 
> 2. The threads are not being preserved consistently, if ever.
> 
> Help? Comments? Show tunes?

No, the problem is not you.  You may have missed it since you run Linux,
but there is a war going on right now with M$ machines and the Sobig
worm.  (snicker)

So because of all the POS M$ shit on the web, the traffic is clogged
right now like you wouldn't believe.  Trunklines are pretty much getting
slammed.  Not only that, but brace yourselves because there is a major
assault planned for this very night.  19:00 hours UTC, I believe.  Or
12:00 PST.

Um, "to wit":      :)


--------------------------------------------------------------------
From: WatchGuard LiveSecurity 

An Update on Sobig.F
Mystery Attack Scheduled for Today
"Toothless" Worm Had Hidden Fangs
August 22 2003


Virus Update
On August 19, we alerted you to the Sobig.F worm that was filling its
victims' inboxes with avalanches of junk mail. Since then, startling new
facts have emerged showing that Sobig is potentially far more
destructive than first imagined. 

Today, anti-virus vendor F-Secure has alerted the world to hidden attack
instructions lurking within Sobig.F's code. The worm's author encrypted
these attack instructions, which F-Secure successfully decrypted just
last night. We now understand more of Sobig.F's attack sequence, and
it's like something straight out of a sci-fi thriller novel.

Sobig.F contains a list of 20 IP addresses which belong to different
personal computers around the world, all apparently having broadband
connections. Sobig.F infected machines have silently synchronized their
clocks with the atomic clock (also known as the Universal Time Clock, or
UTC). In a massive synchronized attack scheduled for today at 19:00:00
UTC (12:00 PST), the hundreds of thousands of Sobig.F infected machines
around the world will authenticate to the 20 IP addresses hidden in the
worm's code, download, and execute an unknown mystery program. 

Given that Sobig's author has carefully issued, improved, and re-issued
the worm six times since January, we take that to mean the mystery
program will be more deadly than typical script-kiddie fare. However,
note that that is our speculation; it is possible that the code could
turn out to be a mild prank that simply displays some ego-driven, hacker
message on an infected machine's screen. However, when it comes to your
network, we figure "better safe than sorry," so we're treating the
attack seriously.

Anti-virus researchers cannot learn what the malicious code will do
because it has not been placed on the 20 servers yet for download. They
assume the author will upload the code seconds before the massive attack
is scheduled to start. 

As we wrote this, Reuters reported that law enforcement authorities have
shut down 12 of the 20 IP addresses from which Sobig.F will download its
attack. However, because the 20 addresses are scattered around the
world, it's unlikely that all will be caught before this attack takes
place. Some version of Sobig.F's mystery attack will occur.


What Your WatchGuard Firewall Can Do
If you haven't already done so, we highly recommend you update all your
computer's anti-virus signatures. If you have any Sobig.F infected
machines, take them offline immediately and clean before putting them
back online. 

Firebox owners should continue blocking .SCR and .PIF files using their
SMTP proxy. Click here for more details on blocking attachments with
your SMTP proxy.

Sobig.F uses port UDP/8998 to access the 20 IP addresses. It also causes
infected machines to listen on ports 995 through 999. Firebox users can
create a custom service to block these ports (incoming and outgoing) so
that if there are any infected machines on your network, they cannot
access the "mystery code."

-----------------------------------------------------------------




LX
-- 
Linux Mandrake 9.1      Kernel 2.4.21-0.13mdk
*Catch Star Trek Enterprise, Wednesdays on UPN*


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
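The blocking advice at the end of the forwarded alert (drop UDP/8998 and watch ports 995 through 999), carried over to a Linux gateway like the one in the signature. This is an added example, not part of the original mail and not WatchGuard's own code or configuration. It parses constructed netfilter LOG lines (hypothetical hosts; the remote side uses RFC 5737 documentation addresses, so none of the IPs are real Sobig download hosts) to flag internal machines that match the traffic pattern the alert describes, and generates the iptables rules that would stand in for the Firebox "custom service". The interface names, the 192.168. internal prefix and the log prefix are assumptions.

```python
import re
from collections import defaultdict

# Ports named in the forwarded alert.
SOBIG_C2_UDP_PORT = 8998               # outbound UDP to the 20 download hosts
SOBIG_LISTEN_PORTS = range(995, 1000)  # infected machines listen on 995-999

# Constructed sample lines in netfilter LOG format (assumed "FW:" prefix).
# Hosts are hypothetical; 198.51.100.x / 203.0.113.x are documentation ranges.
SAMPLE_LOG = """\
Aug 22 11:59:57 gw kernel: FW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=UDP SPT=1035 DPT=8998 LEN=36
Aug 22 11:59:57 gw kernel: FW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.44 PROTO=UDP SPT=1036 DPT=8998 LEN=36
Aug 22 11:59:58 gw kernel: FW: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.9 PROTO=TCP SPT=3201 DPT=80 LEN=48
Aug 22 11:59:59 gw kernel: FW: IN=eth0 OUT=eth1 SRC=203.0.113.44 DST=192.168.1.23 PROTO=UDP SPT=8998 DPT=997 LEN=40
Aug 22 12:00:00 gw kernel: FW: IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=198.51.100.7 PROTO=UDP SPT=1099 DPT=8998 LEN=36
Aug 22 12:00:01 gw kernel: FW: IN=eth0 OUT=eth1 SRC=198.51.100.2 DST=192.168.1.40 PROTO=TCP SPT=4444 DPT=995 LEN=48
"""

# Only the fields we need; netfilter emits them in this order.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return a dict with src/dst/proto/spt/dpt for a netfilter LOG line, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["spt"] = int(rec["spt"])
    rec["dpt"] = int(rec["dpt"])
    return rec


def find_suspects(log_text, internal_prefix="192.168."):
    """Map each internal host to the reasons it looks Sobig.F-infected.

    Two signals from the alert: an internal host sending UDP to port 8998
    (fetching the "mystery code"), or outside traffic reaching an internal
    host on 995-999 (the worm's listener ports).
    """
    suspects = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src_internal = rec["src"].startswith(internal_prefix)
        dst_internal = rec["dst"].startswith(internal_prefix)
        if src_internal and rec["proto"] == "UDP" and rec["dpt"] == SOBIG_C2_UDP_PORT:
            suspects[rec["src"]].add(
                f"outbound UDP/{SOBIG_C2_UDP_PORT} to {rec['dst']}")
        if dst_internal and not src_internal and rec["dpt"] in SOBIG_LISTEN_PORTS:
            suspects[rec["dst"]].add(
                f"inbound {rec['proto']}/{rec['dpt']} from {rec['src']}")
    return dict(suspects)


def iptables_rules(internal_if="eth1", external_if="eth0", log_prefix="FW: "):
    """Generate (not apply) iptables FORWARD rules mirroring the alert's advice.

    UDP/8998 is dropped in both directions. 995-999 is dropped only toward
    internal hosts: port 995 is also POP3 over TLS, so dropping it outbound
    would break every mail client behind the gateway.
    """
    rules = []
    log = f'-j LOG --log-prefix "{log_prefix}"'
    for in_if, out_if in ((internal_if, external_if), (external_if, internal_if)):
        base = f"iptables -A FORWARD -i {in_if} -o {out_if} -p udp --dport {SOBIG_C2_UDP_PORT}"
        rules += [f"{base} {log}", f"{base} -j DROP"]
    lo, hi = SOBIG_LISTEN_PORTS[0], SOBIG_LISTEN_PORTS[-1]
    for proto in ("tcp", "udp"):
        base = f"iptables -A FORWARD -i {external_if} -o {internal_if} -p {proto} --dport {lo}:{hi}"
        rules += [f"{base} {log}", f"{base} -j DROP"]
    return rules


if __name__ == "__main__":
    for host, reasons in sorted(find_suspects(SAMPLE_LOG).items()):
        print(host)
        for reason in sorted(reasons):
            print("   ", reason)
    print()
    print("\n".join(iptables_rules()))
```

On the sample data this flags 192.168.1.23 (two 8998 fetches plus an inbound hit on 997), 192.168.1.40 (inbound TCP/995 only, which could equally be a scan of a clean box, so treat that signal as weaker than the outbound 8998 one) and 192.168.1.51. The rule generator deliberately narrows the alert's "incoming and outgoing" advice for 995-999 to the inbound direction because 995 is POP3S; the UDP/8998 block is applied both ways as the alert says.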
