[nsp-sec] List of compromised devices from MS08-067
Smith, Donald
Donald.Smith at qwest.com
Mon Oct 27 18:31:56 EDT 2008
Hi Rob, that is the way I understood it also.
We didn't show up on the list AT ALL but we blackholed the download site within an very short time of being alerted to it.
________________________________________
From: Rob Thomas [robt at cymru.com]
Sent: Monday, October 27, 2008 4:03 PM
To: Smith, Donald
Cc: 'NSP-SEC'
Subject: Re: [nsp-sec] List of compromised devices from MS08-067
Hey, Don.
> Rob, was summertime.1gokurimu.com and perlbody.t35.com distributing the malware or collecting the list of infected systems?
According to Jason Kendall, those aren't malware sites but rather
commands to log those hosts that "check-in" to those URLs.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
More information about the nsp-security
mailing list