
RE: Ruh-Roh SOBIG.G?



I thought it had expired on 9/10, and it did stop coming for a while. I'm
seeing it again too; actually, I'm seeing two different attachment sizes in
the new ones, one around 70K and the other around 100K.

Did someone reissue Sobig.F with a new expiration date?

Larry Seltzer
Security Editor, eWEEK.com
http://security.eweek.com/
larryseltzer@xxxxxxxxxxxxx 

-----Original Message-----
From: Peter Kruse [mailto:kruse@xxxxxxxxxxxxxxxx] 
Sent: Thursday, September 25, 2003 6:02 PM
To: 'Liviu Daia'; bugtraq@xxxxxxxxxxxxxxxxx
Subject: SV: Ruh-Roh SOBIG.G?


Hi,

There is no new Sobig worm here. I just ran through samples received by the
original poster and I can confirm that these are all Sobig-F samples. The
worm is known to be polymorphic which by nature will change the size and
content of the code. Nothing new here.

Kind regards // Med venlig hilsen

Peter Kruse
CSIS / Kruse Security ApS
http://www.krusesecurity.dk