Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: A sober New Years update. - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
A sober New Years update.

Sober.Y will be attempting to update itself tonight at midnight. If you have the ability you may wish to monitor traffic towards the sites listed below. The ISPs and hosting sites have known about this update for a while and I believe the malware has been removed from these sites so I don't recommend blocking those sites. Monitering them might provide you with a list of infected  computers:)

From http://www.f-secure.com/v-descs/sober_y.shtml

Sober.Y monitors a fixed list of NTP servers to syncronize its time. If the date is 6.1.2006 or later, instead of mass mailing, it tries to download and execute file from one of the following domains:

 people.freenet.de
 scifi.pages.at
 free.pages.at
 home.pages.at
 home.arcor.de
donald

206 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!