[Full-Disclosure] Anybody know what Sobig.F has downloaded?
Brent J. Nordquist
b-nordquist at bethel.edu
Mon Sep 1 21:08:50 BST 2003
On Sat, 23 Aug 2003, Nick FitzGerald <nick at virus-l.demon.co.uk> wrote:
> it seems all the "contact list" machines were disconnected from the
> Internet about an hour before "come and get it" time. One hopes this
> was done cluefully after certain important forensic evidence had been
> appropriately gathered, or at least was known to then be present on the
> machines and the machines were suitably secured for forensic analysis.
Has anyone heard anything more about that second stage; whether any of it
was recovered, what it was supposed to be? I can't find anyone talking
about it; I thought this would be big news.
--
Brent J. Nordquist <b-nordquist at bethel.edu> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti
Full-Disclosure is hosted and sponsored by Secunia.