«
»

F-secure list of sober virus urls



When the news was first out that an antivirus firm (f-secure) had cracked the psuedo-random algorithm that the sober worm uses to determine where to download “updates” from, they said that they had previously notified German authorities where the free hosting sites were located so that they could deal with the sites. I did find that they have announced a list of the addresses for the January 5th update (and the January 6th as well.)


Great to see this information released. They’ve left out the filename, but I’ll reproduce the list here…

http://people.freenet.de/gixcihnm/
http://people.freenet.de/tobtrfjabzw/
http://people.freenet.de/utzmfucaau/
http://people.freenet.de/phyibrpkcpl/
http://people.freenet.de/lhxrdryo/
http://people.freenet.de/yediykdq/
http://people.freenet.de/bjjhdkybpyaj/
http://scifi.pages.at/agzytvfbybn/
http://home.pages.at/bdalczxpctcb/
http://free.pages.at/ftvuefbumebug/
http://home.arcor.de/ijdsqkkxuwp/
http://home.arcor.de/ldhdytdu/
http://home.arcor.de/wdqodvdhwwese/
http://home.arcor.de/frweemrecuvw/

http://home.arcor.de/nulmjznomnt/

The above addresses are due to be used for the January 5th download, the following list will be those used on January 6th…

http://people.freenet.de/mookflolfctm/
http://people.freenet.de/aohobygi/
http://people.freenet.de/wlpgskmv/
http://people.freenet.de/svclxatmlhavj/
http://people.freenet.de/jpjpoptwql/
http://people.freenet.de/iohgdhkzfhdzo/
http://people.freenet.de/eetbuviaebe/
http://scifi.pages.at/vvvjkhmbgnbbw/
http://home.pages.at/twfofrfzlugq/
http://free.pages.at/sfhfksjzsfu/
http://home.arcor.de/qlqqlbojvii/
http://home.arcor.de/fulmxct/
http://home.arcor.de/fowclxccdxn/
http://home.arcor.de/lnzzlnbk/

http://home.arcor.de/rprpgbnrppb/

After that the list is expected to change every 14 days. The virus syncs the systems time so that it does know the correct date and time. (NTP? via the atomic clocks?)

So, if your a system administrator and can block urls on your network – this might be a good batch to add to your list.

Popularity: 1% [?]

PDF Creator    Send article as PDF   
Blog Traffic Exchange Related Posts
  • New Sober variants.. Ok - there are some new variants on the Sober worm circulating. I received one on an address that's unfiltered (no virus/spam filtering) and must say, I can see people being duped into looking at the attachment. Sans has a post on it.. Sarc is calling it W32sober.x@mm and rates......
  • Symantec Antivirus Remotely Exploitable Vulnerability This is bad - whose defending the defender? eEye security has a bulletin announced that regards a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x They say other versions MAY be vulnerable they're waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus......
  • How to Remove Windows Smart Security (Removal Guide) Windows Smart Security is a rogue spyware application that may fool people into installing and purchasing due to the use of the words Windows and Security in the title. It may fool people into thinking that it is related to Microsoft Windows and perhaps even a part of the operating......
Blog Traffic Exchange Related Websites
  • Tips To Build An E-Mail List If you really want to make money online, you don't want to only have one source of income, but as many as possible. While you can make money from your website, either by selling ads or your own products, you shouldn't ignore e-mail marketing either. If you want to make......
  • The Ultimate Guide To Wordpress Plugins For User Generated Content photo credit: lumaxart Whichever way you cut it, on the internet content is king. Whether that is content in the form of articles or videos, podcasts or ebooks not only do we all need content, but generally speaking the more content that we have and the higher the quality......
  • Big Book of Home How To By Better Homes and Gardens When it comes to dealing with the authority on home improvement, you can’t much better than Better Homes and Gardens. For decades they have been helping and inspiring home owners throughout the world. Let’s see if their latest book is worth the money and if it can help you with......

Similar Posts


This entry was posted on Saturday, December 10th, 2005 at 7:09 pm and is filed under Computers, Security, Viruses. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.

Switch to our mobile site