[nsp-sec] List of compromised devices from MS08-067
Rob Thomas
robt at cymru.com
Mon Oct 27 18:35:00 EDT 2008
Nicely done! :)
Smith, Donald wrote:
> Hi Rob, that is the way I understood it also.
> We didn't show up on the list AT ALL but we blackholed the download site within an very short time of being alerted to it.
>
>
> ________________________________________
> From: Rob Thomas [robt at cymru.com]
> Sent: Monday, October 27, 2008 4:03 PM
> To: Smith, Donald
> Cc: 'NSP-SEC'
> Subject: Re: [nsp-sec] List of compromised devices from MS08-067
>
> Hey, Don.
>
>> Rob, was summertime.1gokurimu.com and perlbody.t35.com distributing the malware or collecting the list of infected systems?
>
> According to Jason Kendall, those aren't malware sites but rather
> commands to log those hosts that "check-in" to those URLs.
>
> Thanks,
> Rob.
> --
> Rob Thomas
> Team Cymru
> http://www.team-cymru.org/
> cmn_err(CEO_PANIC, "Out of coffee!");
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
More information about the nsp-security
mailing list