Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: A sober New Years update. - Internet Security | DShield SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
A sober New Years update.

Sober.Y will be attempting to update itself tonight at midnight. If you have the ability you may wish to monitor traffic towards the sites listed below. The ISPs and hosting sites have known about this update for a while and I believe the malware has been removed from these sites so I don't recommend blocking those sites. Monitering them might provide you with a list of infected  computers:)


Sober.Y monitors a fixed list of NTP servers to syncronize its time. If the date is 6.1.2006 or later, instead of mass mailing, it tries to download and execute file from one of the following domains:

206 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!