] More info about the fastest-spreading worm of all time, which
] enters a new phase today, trying to download unknown code to 20
] specific home computers:
] The worm infected close to one million computers via
] e-mail attachments in e-mails with spoofed addresses
. . .
] Now, those infected
] computers are programmed to start to connect to machines
] found on an encrypted list hidden in the virus body.
] F-Secure said the list contains the address of 20
] computers located in United States, Canada and South
] Korea and is expected to start at 3:00 EST Friday.
I can't beleive they are unable to locate and turn off the servers! There are only 20. Also, if the "web address" in question is under the control of the attackers, then it was paid for by the attackers, and this is a very easy place to start a criminal investigation (possibly the web address was bought using a fake or stolen identity). However, claiming that this "must be the work of organized crime" is silly. Technical sophistication and criminal sophistication are not always directly proportional.
New Phase of Sobig.F Set for 3 p.m. EST Friday 8/22/2003