[nsp-sec] 112.118.131.58 hosting stormworm download.
Smith, Donald
Donald.Smith at qwest.com
Tue Jun 3 12:11:14 EDT 2008
Steven is correct. I fat-fingered the whois command :(
Thanks for pointing this out Steven.
Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac
> -----Original Message-----
> From: Steven Spence [mailto:sspence at zianet.com]
> Sent: Tuesday, June 03, 2008 10:08 AM
> To: Smith, Donald
> Subject: Re: [nsp-sec] 112.118.131.58 hosting stormworm download.
>
> I think you just had a typo in your whois:
>
> AS | IP | AS Name
> 3462 | 122.118.131.58 | HINET Data Communication Business Group
>
> Smith, Donald wrote:
> > ----------- nsp-security Confidential --------
> >
> > 112.118.131.58 is not showing up in whois from here.
> >
> > This was being spammed out leading to a stormworm iloveyou.exe.
> > "Crazy in love with you hxxp://122.118.131.58/" -> stormworm (peacom).
> > All I saw there was an index.htm file, a gif and the malware.
> > Short diary about it here:
> > http://isc.sans.org/diary.html?storyid=4516
> >
> >
> > Security through obscurity WORKS against some worms and ssh attacks:)
> > Donald.Smith at qwest.com giac
> >
> >
> > H8Hz
> > Donald.Smith at qwest.com giac