[nsp-sec] conficker list ACK 719, 790 and 3336
Ståhl Jouni
jouni.stahl at elisa.fi
Thu Jan 15 04:55:00 EST 2009
ACK 719, 790 and 3336
Jouni Ståhl
Elisa-CERT
Elisa Ltd
>-----Original Message-----
>From: nsp-security-bounces at puck.nether.net
>[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
>Smith, Donald
>Sent: Wednesday, January 14, 2009 8:53 PM
>To: 'nsp-security at puck.nether.net'
>Subject: [nsp-sec] conficker list
>
>----------- nsp-security Confidential --------
>
>A source that wishes to remain anonymous provided me apache
>logs for one of the systems conficker checks in with or
>downloads from. Beth Young at more.net also has a list and has
>offered to cross check these against her known infected systems.
>
>
>Here are two links to the list it contains over 700K uniq ips
>so it was TOO large to upload via the cymru web gui in a
>single file I had to split it.
>
>I only included the first time an IP checked in.
>Timezone is GMT -8:00
>link 1
>https://asn.cymru.com/nsp-sec/upload/1231957075.whois.txt
>
>link 2
>https://asn.cymru.com/nsp-sec/upload/1231958296.whois.txt
>
>Given the way I broke the list in half there is a very good
>chance your ASN will appear on both lists.
>
>H8Hz
>Donald.Smith at qwest.com gcia
>
>
>_______________________________________________
>nsp-security mailing list
>nsp-security at puck.nether.net
>https://puck.nether.net/mailman/listinfo/nsp-security
>
>Please do not Forward, CC, or BCC this E-mail outside of the
>nsp-security
>community. Confidentiality is essential for effective Internet
>security counter-measures.
>_______________________________________________
>
More information about the nsp-security
mailing list