Heads-up: Possible Sobig-F second wave attack
Kurt Yoder
kylist at SHCORP.COM
Fri Aug 22 15:21:19 IST 2003
(Warning: getting OT; sorry)
According to
http://www.vnunet.com/News/1143169
"We recommend blocking the UDP port 8998 on a firewall, which is the
port the virus will try and use."
Antony Stone said:
> Hi.
>
> I just received this from Sophos. People may want to check firewall and
> mail gateway configurations before the weekend (Bank Holiday in the UK...)
>
> It's a pity they don't say what mechanism is likely to be used for any code
> download, however I would guess at either HTTP, or possibly port 25 on a
> remote server, even if the mechanism isn't really SMTP.
<snipped>
--
Kurt Yoder
Sport & Health network administrator