[31821] in bugtraq
SV: Ruh-Roh SOBIG.G?
daemon@ATHENA.MIT.EDU (Peter Kruse)
Fri Sep 26 00:16:54 2003
Reply-To: <kruse@railroad.dk>
From: "Peter Kruse" <kruse@krusesecurity.dk>
To: "'Liviu Daia'" <Liviu.Daia@imar.ro>, <bugtraq@securityfocus.com>
Date: Fri, 26 Sep 2003 00:02:24 +0200
Message-ID: <000901c383b0$b3dc7c40$0202a8c0@teliahomebase>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
In-Reply-To: <20030925220326.3800018064@euler.imar.ro>
Content-Transfer-Encoding: 8bit
Hi,
There is no new Sobig worm here. I just ran through samples received by
the original poster and I can confirm that these are all Sobig-F
samples. The worm is known to be polymorphic which by nature will change
the size and content of the code. Nothing new here.
Kind regards // Med venlig hilsen
Peter Kruse
CSIS / Kruse Security ApS
http://www.krusesecurity.dk
