North American Network Operators Group
Re: Sobig.f surprise attack today
- From: steve uurtamo
- Date: Fri Aug 22 15:17:46 2003
OK... Maybe I'm smoking crack here, but, if they have the list of 20
machines, wouldn't it make more sense to replace them with honey-pots that download
code to remove SOBIG instead of just disabling them?
Only if we make assumptions that what they state is 100% fact and the whole truth of the matter. They know of 20, but who is to say a variant in the wild doesn't know of 20 more? Or 100 more? Too late anyway. My other list subscriptions show it active now ...
symantec sez that it listens for properly-signed announcements
about new and improved servers from which to receive said payload.
so it can change the source list at any time.