Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: SOBIG.F - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
A new variant of the SOBIG worm is spreading fast.

Best practice to do now:

- update anti-virus scanners, both on desktops,
servers and security perimeters

- communicate safe email handling instructions to all users
(do not open unsolicited attachments, no matter
how tempting the instructions or title are)

- block incoming UDP ports 995 - 999

- block outgoing UDP ports 8998

- monitor for outgoing UDP port 123 traffic (used by NTP clients as well)
for signs of infection
This new variant is rather successful at spreading.

Read more at:


76 Posts
Aug 19th 2003

Sign Up for Free or Log In to start participating in the conversation!