See: http://www.f-secure.com/weblog/archives/archive-122005.html#00000729 - ferg -- Elijah Savage <esavage@digitalrage.org> wrote: Can anyone confirm this I got this from a security partner of ours. The source code for the Sober.Z worm, which began infecting computers worldwide on Nov. 21, indicates that the author(s) are planning to launch another attack on Thursday, Jan. 5 and Friday 6, to coincide with the 87th anniversary of the founding of the Nazi Party. On these dates, PCs infected with Sober.Z will be instructed to connect to numerous servers to download malicious code that will likely send out German and English language email hate messages. Uknown Company (my edit)encourages network administrators to protect themselves by blocking domains believed to host the malicious code. These domains are: http://people.freenet.de/ http://scifi.pages.at/ http://home.pages.at/ http://free.pages.at/ http://home.arcor.de/ -- http://www.digitalrage.org/ The Information Technology News Center -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/
Fergie wrote:
See:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000729
- ferg
-- Elijah Savage <esavage@digitalrage.org> wrote:
Can anyone confirm this I got this from a security partner of ours.
The source code for the Sober.Z worm, which began infecting computers worldwide on Nov. 21, indicates that the author(s) are planning to launch another attack on Thursday, Jan. 5 and Friday 6, to coincide with the 87th anniversary of the founding of the Nazi Party. On these dates, PCs infected with Sober.Z will be instructed to connect to numerous servers to download malicious code that will likely send out German and English language email hate messages. Uknown Company (my edit)encourages network administrators to protect themselves by blocking domains believed to host the malicious code. These domains are: http://people.freenet.de/ http://scifi.pages.at/ http://home.pages.at/ http://free.pages.at/ http://home.arcor.de/
Thank you I always forget about f secure and they did not post as musch info on symantecs site or I missed it some how. -- http://www.digitalrage.org/ The Information Technology News Center
On Tue, 3 Jan 2006, Fergie wrote:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000729 - ferg
http://www.f-secure.com/weblog/archives/archive-122005.html#00000743 whois www-f-secure.com nice. -Dan
On Tue, 3 Jan 2006 goemon@anime.net wrote:
On Tue, 3 Jan 2006, Fergie wrote:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000729 - ferg
http://www.f-secure.com/weblog/archives/archive-122005.html#00000743
whois www-f-secure.com
a) Has the registrar been contacted about this, and b) has anyone tried calling the US number listed in the WHOIS record? -- Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED Company website: http://JustThe.net/ Personal blog, resume, portfolio: http://SteveSobol.com/ E: sjsobol@JustThe.net Snail: 22674 Motnocab Road, Apple Valley, CA 92307
participants (4)
-
Elijah Savage
-
Fergie
-
goemon@anime.net
-
Steve Sobol