[61087] in North American Network Operators' Group

Re: Sobig.f surprise attack today

daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Aug 22 14:35:38 2003

Date: Fri, 22 Aug 2003 11:27:52 -0700
From: Owen DeLong <owen@delong.com>
To: jdawson@flexpop.net, nanog@merit.edu, Jaana.Sirkia@f-secure.com
In-Reply-To: <Pine.BSI.4.10.10308221100151.11138-100000@pdx-s02.navi.net>
Errors-To: owner-nanog-outgoing@merit.edu


OK... Maybe I'm smoking crack here, but, if they have the list of 20 machines,
wouldn't it make more sense to replace them with honey-pots that download
code to remove SOBIG instead of just disabling them?

Let's use the virus against itself.  At this point, I think that's a legitimate
countermeasure.

Owen


--On Friday, August 22, 2003 11:01 AM -0700 Jim Dawson <jdawson@navi.net> wrote:

>
> F-Secure Corporation is warning about a new level of attack to be
> unleashed by the Sobig.F worm today. Supposed to take place at 1900 UTC.
>
> http://www.f-secure.com/news/items/news_2003082200.shtml
>
> Jim
> --
>
> See what ISP-Planet is saying about us!
> http://isp-planet.com/services/wholesalers/flexpop.html
>   __________________________________________________________________
>   Jim Dawson                                     jdawson@flexpop.net
>   Flexpop/Navi.Net                            http://www.flexpop.net
>   618 NW Glisan St. Ste. 101                      v. +1.503.517.8866
>   Portland, Or  97209 USA                         f. +1.503.517.8868
>   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>


