Heads-up: Possible Sobig-F second wave attack

Kurt Yoder kylist at SHCORP.COM
Fri Aug 22 15:21:19 IST 2003


(Warning: getting OT; sorry)

According to

http://www.vnunet.com/News/1143169

"We recommend blocking the UDP port 8998 on a firewall, which is the
port the virus will try and use."

Antony Stone said:
> Hi.
>
> I just received this from Sophos.   People may want to check
> firewall and
> mail gateway configurations before the weekend (Bank Holiday in the
> UK...)
>
> It's a pity they don't say what mechanism is likely to be used for
> any code
> download, however I would guess at either HTTP, or possibly port 25
> on a
> remote server, even if the mechanism isn't really SMTP.

<snipped>

--
Kurt Yoder
Sport & Health network administrator



More information about the MailScanner mailing list