InfraGard Security Alert
Date: Friday, August 22 @ 17:05:05 CEST
Topic: Internet


Hi gang,

InfraGard, an FBI/Homeland Security group put this out today:

Computers infected with the Sobig.F worm are programmed
to automatically download an executable of unknown function
from a hard-coded list of servers at 19:00 UTC (2:00pm CDT)
X-Force is recommending wholesale outbound filtering of
the following IP addresses:

67.73.21.6
68.38.159.161
67.9.241.67
66.131.207.81
65.177.240.194
65.93.81.59
65.95.193.138
65.92.186.145
63.250.82.87
65.92.80.218
61.38.187.59
24.210.182.156
24.202.91.43
24.206.75.137
24.197.143.132
12.158.102.205
24.33.66.38
218.147.164.29
12.232.104.221
68.50.208.96

The request method uses UDP port 8998. X-Force also recommends that this port be filtered outbound.

Regards,
-sting





This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=545