Strange Things are Afoot at the Circle K.

Friday, August 22, 2003

Well, looks like the world lucked out with that computer virus. See the previous post. It links to a site telling about how that big computer virus going around, SoBig.f, was supposed to enter its second phase today, and do who knows what. Here's a post made to alt.slack telling about how this plan was thwarted. Very weird stuff.

Subject: SoBig.F gunned down by Agent Smith
From: "Rev. Ivan Stang"
Date: Fri, Aug 22, 2003 2:59 PM
Message-id: <>

F-Secure Virus Descriptions

Radar Alert LEVEL 1
NAME: Sobig.F
ALIAS: W32/Sobig.F@mm

For more information, see:

A new variant of Sobig, known as Sobig.F was first found on August
19th, 2003 and it is spreading in the wild.

Sobig.F activates on Friday the 22nd of August at 19:00 UTC. For
information on this, please see:

((Stang note: to make a long story short, at 3 pm EST this virus was
supposed to cause all infected devices to connect to one of 20
"INFECTED SUPER MONSTER SERVERS," which the fiendish hackers had
prepped in advance, theoretically in secret, and then... DO
SOMETHING... but The Man was onto them, and in a suspiciously
Made-for-TV-style last-minute showdown, all but one of the hapless
patsy virtual Lee Harvey Oswald servers was pinned down and disabled,
and it finally went down in a blaze of gunfire.

Again, we suspect that the actual fiend behind this attack was none
other than the shadowy figure known variously as "The Disk Doctor" and
"Norton." The Man, however, is blaming "organized crime."))

Update on 16:00 UTC

F-Secure can confirm that 18 of the 20 master servers are currently
down or unreachable.

Update on 17:00 UTC

F-Secure can confirm that 17 of the 20 master servers are currently
down. Apparently one of the machines was not disconnected by an ISP and
has been booted up by its owner.

We're working together with CERTs, FBI and Microsoft to stop the last

Update on 18 UTC

F-Secure can confirm that ALL the master server machines are currently
down or unreachable. One of them seems to still respond to PING but not
to 8998 UDP.

We have one hour to go to see if this really is the case.

Update on 18:20 UTC

Unfortunately one server is up right now after all. And one might be
enough for the attack to start successfully.

Update on 19:00 UTC

When the deadline for the attack was passed, one machine was still
(somewhat) up. However, immediately after the deadline, this machine
(located in the USA) was totally swamped under network traffic.

We've tried connecting to it, just like the virus does. We do this from
three different sensors from three different machines in three
different countries. We haven't been able to connect to it once. If we
can't connect, neither can the viruses.

So the attack failed. Whoa.

We'll keep monitoring until 23:00 UTC. If we're not able to connect
once, we can safely say that the attack was prevented.


