[nsp-sec] Possible 700k+ node botnet
Dave Mitchell
davem at yahoo-inc.com
Wed Oct 1 19:36:14 EDT 2008
Interesting links, Rob. Hadn't found those yet. Sure is interesting that
all of the analysis shows it fetching those files from other servers,
not www.y.c. Wonder if they updated it and wanted to use it to punish
our www frontend? 700k machines all checking in frequently is definitely
an increase in load.
-d
On Wed, Oct 01, 2008 at 04:10:35PM -0500, Rob Thomas wrote:
> ----------- nsp-security Confidential --------
>
> Possibly related:
>
> <http://www.anchiva.com/virus/view.asp?vname=Worm/Sohanad.AACA@im>
> <http://www.threatexpert.com/report.aspx?uid=b68593a2-5121-4391-b714-547659808785>
>
>
> --
> Rob Thomas
> Team Cymru
> http://www.team-cymru.org/
> cmn_err(CEO_PANIC, "Out of coffee!");
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20081001/6afe1eda/attachment-0001.sig>
More information about the nsp-security
mailing list