F-secure list of sober virus urls



When the news was first out that an antivirus firm (f-secure) had cracked the psuedo-random algorithm that the sober worm uses to determine where to download “updates” from, they said that they had previously notified German authorities where the free hosting sites were located so that they could deal with the sites. I did find that they have announced a list of the addresses for the January 5th update (and the January 6th as well.)


Great to see this information released. They’ve left out the filename, but I’ll reproduce the list here…

http://people.freenet.de/gixcihnm/
http://people.freenet.de/tobtrfjabzw/
http://people.freenet.de/utzmfucaau/
http://people.freenet.de/phyibrpkcpl/
http://people.freenet.de/lhxrdryo/
http://people.freenet.de/yediykdq/
http://people.freenet.de/bjjhdkybpyaj/
http://scifi.pages.at/agzytvfbybn/
http://home.pages.at/bdalczxpctcb/
http://free.pages.at/ftvuefbumebug/
http://home.arcor.de/ijdsqkkxuwp/
http://home.arcor.de/ldhdytdu/
http://home.arcor.de/wdqodvdhwwese/
http://home.arcor.de/frweemrecuvw/

http://home.arcor.de/nulmjznomnt/

The above addresses are due to be used for the January 5th download, the following list will be those used on January 6th…

http://people.freenet.de/mookflolfctm/
http://people.freenet.de/aohobygi/
http://people.freenet.de/wlpgskmv/
http://people.freenet.de/svclxatmlhavj/
http://people.freenet.de/jpjpoptwql/
http://people.freenet.de/iohgdhkzfhdzo/
http://people.freenet.de/eetbuviaebe/
http://scifi.pages.at/vvvjkhmbgnbbw/
http://home.pages.at/twfofrfzlugq/
http://free.pages.at/sfhfksjzsfu/
http://home.arcor.de/qlqqlbojvii/
http://home.arcor.de/fulmxct/
http://home.arcor.de/fowclxccdxn/
http://home.arcor.de/lnzzlnbk/

http://home.arcor.de/rprpgbnrppb/

After that the list is expected to change every 14 days. The virus syncs the systems time so that it does know the correct date and time. (NTP? via the atomic clocks?)

So, if your a system administrator and can block urls on your network – this might be a good batch to add to your list.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Anti-Virus Elite | Anti-Virus Elite Removal Guide Anti-Virus Elite is a rogue antivirus application. These rogue antivirus applications pose as a legitimate security application, but in reality is a scam to try to trick you out of money. They will find and claim that there are multiple security problems with your computer. They will claim that you......
  • Symantec Antivirus Remotely Exploitable Vulnerability This is bad - whose defending the defender? eEye security has a bulletin announced that regards a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x They say other versions MAY be vulnerable they're waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus......
  • Virus Hoaxes are almost as bad as real viruses I suspect you've probably got a fair share of these, I know I pull my hair out everytime I see someone forward one to their closest 400 friends and include me. Virus warnings. Viruses, are something that I deal with cleaning up quite a bit and I guess people try......
Blog Traffic Exchange Related Websites
  • Using Social Bookmarking To Promote Your Online Business Social bookmarking websites have been used for several years for finding and driving high quality traffic to business websites. It's a simple idea, marketers post quality content designed to help people, and a common result is that exchange will produce quality traffic to your site. As you can guess, since......
  • Tips To Build An E-Mail List If you really want to make money online, you don't want to only have one source of income, but as many as possible. While you can make money from your website, either by selling ads or your own products, you shouldn't ignore e-mail marketing either. If you want to make......
  • List Building Upkeep, A Significant Part of Online Marketing List building is an essential part of your online marketing strategies. Maintaining your list becomes the next significant step.How are you able to best keep your subscriber list safe and profitable?2 easy systems will help: white listing your e-mail address sendingbi-monthly reminders Tell Your New Customers to White List Your......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site