22 Aug 2003, 2:58 p.m.
OK... Maybe I'm smoking crack here, but if they have the list of 20 machines, wouldn't it make more sense to replace them with honey-pots that download code to remove SOBIG instead of just disabling them?
Only if we make assumptions that what they state is 100% fact and the whole truth of the matter. They know of 20, but who is to say a variant in the wild doesn't know of 20 more? Or 100 more? Too late anyway. My other list subscriptions show it active now ...
symantec sez that it listens for properly-signed announcements about new and improved servers from which to receive said payload. so it can change the source list at any time. s.