[nsp-sec] conficker list
Smith, Donald
Donald.Smith at qwest.com
Thu Jan 15 08:48:57 EST 2009
Yes, it is good that our discussion lead to this.
You may forward just remove references to nsp sec and myself:)
Donald.Smith at qwest.com<mailto:Donald.Smith at qwest.com>
Please cc the handlers to keep them all in the loop.
________________________________
From: Christoph Sprongl [ch at it-austria.net]
Sent: Thursday, January 15, 2009 1:48 AM
To: Smith, Donald
Cc: 'nsp-security at puck.nether.net'
Subject: Re: [nsp-sec] conficker list
Hi Donald,
great that our discussion brought up such a result and hopefully clean
hosts :-)
May i forward infected hosts from .AT-ISPs to local trusted and only
relevant contacts?
christoph
> ----------- nsp-security Confidential --------
>
> A source that wishes to remain anonymous provided me apache logs for one
> of the systems conficker checks in with or downloads from. Beth Young at
> more.net also has a list and has offered to cross check these against her
> known infected systems.
>
>
> Here are two links to the list it contains over 700K uniq ips so it was
> TOO large to upload via the cymru web gui in a single file I had to split
> it.
>
> I only included the first time an IP checked in.
> Timezone is GMT -8:00
> link 1
> https://asn.cymru.com/nsp-sec/upload/1231957075.whois.txt
>
> link 2
> https://asn.cymru.com/nsp-sec/upload/1231958296.whois.txt
>
> Given the way I broke the list in half there is a very good chance your
> ASN will appear on both lists.
>
> H8Hz
> Donald.Smith at qwest.com gcia
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
>
More information about the nsp-security
mailing list