I know this is "old hat" to most, but I just found out about it. Reposted here:
All the infected computers are entering a second phase today, on Friday the 22nd of August, 2003. These computers are using atom clocks to synchronize the activation to start exactly at the same time around the world: at 19:00:00 UTC (12:00 in San Francisco, 20:00 in London, 05:00 on Saturday in Sydney). On this moment, the worm starts to connect to machines found from an encrypted list hidden in the virus body. The list contains the address of 20 computers located in USA, Canada and South Korea. �These 20 machines seem to be typical home PCs, connected to the Internet with always-on DSL connections�, says Mikko Hypponen, Director of Anti-Virus Research at F-Secure. �Most likely the party behind Sobig.F has broken into these computers and they are now being misused to be part of this attack�. The worm connects to one of these 20 servers and authenticates itself with a secret 8-byte code. The servers respond with a web address. Infected machines download a program from this address � and run it. At this moment it is completely unknown what this mystery program will do. http://www.f-secure.com/news/items/news_2003082200.shtml Steve Forerunners Org ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
