[nsp-sec] new storm worm peer list.
Smith, Donald
Donald.Smith at qwest.com
Mon Apr 7 13:29:33 EDT 2008
These came to the Internet Storm Center handlers list
from the recent "withlove" storm worm run.
$ md5sum withlove.exe
9975527fec5b9738932341fa7ad3dede *withlove.exe
Here is the list.
https://asn.cymru.com/nsp-sec/upload/1207588160.whois.txt
I verified via netflow that at least some of these are actively
communicating using the port listed.
If your interested in a perl script that decodes stormworm config files
the submiter included one here
http://www.sudosecure.net/wp-content/uploads/2008/04/storm_config_decode
r_pl.txt
I didn't validate it but given that the peers are talking on the right
port(s) I would say it worked ok:)
H8Hz
Donald.Smith at qwest.com giac
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the nsp-security
mailing list