F-secure list of sober virus urls



When the news was first out that an antivirus firm (f-secure) had cracked the psuedo-random algorithm that the sober worm uses to determine where to download “updates” from, they said that they had previously notified German authorities where the free hosting sites were located so that they could deal with the sites. I did find that they have announced a list of the addresses for the January 5th update (and the January 6th as well.)


Great to see this information released. They’ve left out the filename, but I’ll reproduce the list here…

http://people.freenet.de/gixcihnm/
http://people.freenet.de/tobtrfjabzw/
http://people.freenet.de/utzmfucaau/
http://people.freenet.de/phyibrpkcpl/
http://people.freenet.de/lhxrdryo/
http://people.freenet.de/yediykdq/
http://people.freenet.de/bjjhdkybpyaj/
http://scifi.pages.at/agzytvfbybn/
http://home.pages.at/bdalczxpctcb/
http://free.pages.at/ftvuefbumebug/
http://home.arcor.de/ijdsqkkxuwp/
http://home.arcor.de/ldhdytdu/
http://home.arcor.de/wdqodvdhwwese/
http://home.arcor.de/frweemrecuvw/

http://home.arcor.de/nulmjznomnt/

The above addresses are due to be used for the January 5th download, the following list will be those used on January 6th…

http://people.freenet.de/mookflolfctm/
http://people.freenet.de/aohobygi/
http://people.freenet.de/wlpgskmv/
http://people.freenet.de/svclxatmlhavj/
http://people.freenet.de/jpjpoptwql/
http://people.freenet.de/iohgdhkzfhdzo/
http://people.freenet.de/eetbuviaebe/
http://scifi.pages.at/vvvjkhmbgnbbw/
http://home.pages.at/twfofrfzlugq/
http://free.pages.at/sfhfksjzsfu/
http://home.arcor.de/qlqqlbojvii/
http://home.arcor.de/fulmxct/
http://home.arcor.de/fowclxccdxn/
http://home.arcor.de/lnzzlnbk/

http://home.arcor.de/rprpgbnrppb/

After that the list is expected to change every 14 days. The virus syncs the systems time so that it does know the correct date and time. (NTP? via the atomic clocks?)

So, if your a system administrator and can block urls on your network – this might be a good batch to add to your list.

Related Posts

Blog Traffic Exchange Related Posts
  • Another Sober.y reminder f-secure.com has another warning for us about the pending awakening of the sober worm. From reports it's expected to start looking for sites to download from January 5th into January 6th. There is an extensive list of URL's to block. This from f-secure.com - if you're in charge of block......
  • New Sober variants.. Ok - there are some new variants on the Sober worm circulating. I received one on an address that's unfiltered (no virus/spam filtering) and must say, I can see people being duped into looking at the attachment. Sans has a post on it.. Sarc is calling it W32sober.x@mm and rates......
  • Symantec Antivirus Remotely Exploitable Vulnerability This is bad - whose defending the defender? eEye security has a bulletin announced that regards a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x They say other versions MAY be vulnerable they're waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus......
Blog Traffic Exchange Related Websites
  • Using Social Bookmarking To Promote Your Online Business Social bookmarking websites have been used for several years for finding and driving high quality traffic to business websites. It's a simple idea, marketers post quality content designed to help people, and a common result is that exchange will produce quality traffic to your site. As you can guess, since......
  • Facebook List Messages - 2011's Powerful Alternative to Email Marketing Strikes Hard, and is more than just Effective. [/caption] Internet Marketing Strategies, particularly Email Marketing, have seen an overhaul of sorts this past year. Rising standards in Anti-Spam Compliance Regulations have forced most email service providers like Aweber, MailChimp and iContact to reevaluate their levels of "leniency" towards unsubscribe rates and spam complaints, and enforce stricter monitoring......
  • The Ultimate Guide To Wordpress Plugins For User Generated Content photo credit: lumaxart Whichever way you cut it, on the internet content is king. Whether that is content in the form of articles or videos, podcasts or ebooks not only do we all need content, but generally speaking the more content that we have and the higher the quality......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site