
InfraGard Security Alert



InfraGard, an FBI/Homeland Security group, put this out today:

 

Computers infected with the Sobig.F worm are programmed to automatically download an executable of unknown function from a hard-coded list of servers at 19:00 UTC (2:00pm CDT).

X-Force is recommending wholesale outbound filtering of the following IP addresses:

 


 

The request method uses UDP port 8998. X-Force also recommends that this port be filtered outbound.
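
A way to find hosts that tripped the filters recommended above, as an added example that is not part of the original post or the alert: it scans gateway packet logs for outbound UDP to port 8998 or any traffic to a listed server, grouped by internal source. The log lines, the 10.0.0.0/8 internal range and the RFC 5737 server addresses are constructed placeholders, and the iptables LOG format is an assumption about the gateway.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholders (RFC 5737 documentation addresses) standing in for the
# server list published in the alert; substitute the real list.
BLOCKED_SERVERS = {"192.0.2.10", "198.51.100.7"}
SOBIG_UDP_PORT = 8998                               # port named in the alert
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed LAN range

# Constructed sample lines in iptables LOG format (not real traffic).
SAMPLE_LOG = """\
Jan  1 19:00:01 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=192.0.2.10 LEN=48 PROTO=UDP SPT=1027 DPT=8998 LEN=28
Jan  1 19:00:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 LEN=48 PROTO=UDP SPT=1028 DPT=8998 LEN=28
Jan  1 19:00:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=3302 DPT=80 WINDOW=8192
Jan  1 19:00:04 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=203.0.113.9 LEN=48 PROTO=UDP SPT=1030 DPT=8998 LEN=28
Jan  1 19:00:05 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.51 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=3310 DPT=80 WINDOW=8192
Jan  1 19:00:06 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=10.0.0.40 LEN=48 PROTO=UDP SPT=8998 DPT=1044 LEN=28
garbled line without fields
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def suspect_hosts(log_text):
    """Map internal source IP -> set of reasons it matched the alert."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "PROTO"} <= f.keys():
            continue  # not a packet log line
        try:
            src = ipaddress.ip_address(f["SRC"])
        except ValueError:
            continue  # malformed address field
        if src not in INTERNAL_NET:
            continue  # only traffic leaving our own hosts matters here
        if f["PROTO"] == "UDP" and f.get("DPT") == str(SOBIG_UDP_PORT):
            hits[f["SRC"]].add("udp/8998")
        if f["DST"] in BLOCKED_SERVERS:
            hits[f["SRC"]].add("listed-server")
    return dict(hits)

if __name__ == "__main__":
    for host, reasons in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(host, ",".join(sorted(reasons)))
```

Hosts that appear in the result are candidates for virus scanning; the inbound reply line and the ordinary web request in the sample are not flagged.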

  • 2 weeks later...

That's why very few people have my personal e-mail address and those who do I make sure are educated by me ;)

 

Besides, whenever someone sends me an e-mail (to any of my addresses) and that e-mail has multiple recipients with visible e-mail addresses, they get a nice message from me explaining why they shouldn't send messages with visible multiple recipients (viruses take advantage of it, spammers too...) and asking them to use BCC for the recipients ;)


I don't hide my address from friends, family or co-workers either - but they all get educated before I give them my address ;)

Unless, of course, I know beforehand that they won't spread my address. For instance, I gave you guys my personal address because I don't think you'll make bad use of it ;)


It seems a little futile to try to get people to change their habits. Most people that I know who forward emails aren't that computer literate and don't really worry about viruses - until they get hit.

 

I've been pretty fortunate and have only been very minimally affected by the latest rash of email viruses. I use my yahoo account for most things and my personal email is kept very private. And of course I never open an attachment.

I don't hide my address from friends, family or co-workers either - but they all get educated before I give them my address ;)

Unless, of course, I know beforehand that they won't spread my address. For instance, I gave you guys my personal address because I don't think you'll make bad use of it ;)

I learned many years ago that I can't educate my family or friends on computer use.

They just don't want to learn!

As far as virus emails, bring em on! I'm ready!

I learned many years ago that I can't educate my family or friends on computer use.

They just don't want to learn!

LOL

That is so true... ;)

 

I have that same problem. I keep trying to teach them how to do basic stuff, so they don't need to call me every time they need to do something a little out of the ordinary but they just seem to be afraid of learning computer related stuff ;)

I have that same problem. I keep trying to teach them how to do basic stuff, so they don't need to call me every time they need to do something a little out of the ordinary but they just seem to be afraid of learning computer related stuff

 

I can beat that, try teaching your 76 year old grandmother how to use a computer ;)

That's why I give each family member a different addy,

and when they get infected,

I blackhole the addy and give them another

Now that's a good idea! I should do that too :D

 

I can beat that, try teaching your 76 year old grandmother how to use a computer

That's what I call a real Challenge (notice the capital 'C' ;))

 

My grandmother can't learn how to use a cell phone! I can't imagine what it would be like to put her in front of a computer and try to convince her that it's not a television and she's in fact controlling that little arrow that moves around the screen.

 

I wonder what she'd think of pressing "buttons" that are not really there... something that she can't touch with her own hands but instead has to use that little thing attached to a cord...

 

It must be really confusing for old people but now that I think about it, it's quite interesting too :(

 

"A typewriter that does not print in paper but instead displays the characters in a television. Wait, it gets better: you can delete characters simply by pressing a button! Oh joy!" ;)


She has actually been using a computer for years, but Windows is like a foreign country for her. She STILL works as an accountant and has been using DOS based programs forever. I just have to explain things 792 times before it sinks in, stuff like changing the background for her e-mails.


Just one thing to note about this virus if it hasn't been mentioned already - it can apparently access a user's address book, and then send out emails spoofing any address listed as the from address. I've had a few emails that I had apparently "sent" from an OSX machine that can't be infected returned by email servers because of the virus, and I've been worrying that people getting the email with my spoofed address might get tricked into opening it.

 

If you have the capability, I would recommend using a program like PGP to sign all of your emails. This allows people to verify that you actually sent the message, and that it wasn't spoofed by a virus, because a virus doesn't have the password needed to calculate your signature. This way, if people get messages from you without your signature, they can determine that the address might be spoofed by a virus, and avoid spreading the infection.

 

That, and convincing people to use virus scanners is a good idea :)
