[nsp-sec] ACK conficker list

Thu Jan 15 08:55:39 EST 2009

ACK 812

Thanks, for the info.

Phillip Taylor
Rogers Network Security 

-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Smith, Donald
Sent: Wednesday, January 14, 2009 1:53 PM
To: 'nsp-security at puck.nether.net'
Subject: [nsp-sec] conficker list

----------- nsp-security Confidential --------

A source that wishes to remain anonymous provided me apache logs for one
of the systems conficker checks in with or downloads from. Beth Young at
more.net also has a list and has offered to cross check these against
her known infected systems.

Here are two links to the list it contains over 700K uniq ips so it was
TOO large to upload via the cymru web gui in a single file I had to
split it.

I only included the first time an IP checked in.
Timezone is GMT -8:00
link 1
https://asn.cymru.com/nsp-sec/upload/1231957075.whois.txt

link 2
https://asn.cymru.com/nsp-sec/upload/1231958296.whois.txt

Given the way I broke the list in half there is a very good chance your
ASN will appear on both lists.

H8Hz
Donald.Smith at qwest.com gcia

_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the
nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
_______________________________________________
-------------- next part --------------
This e-mail (and attachment(s)) is confidential, proprietary, may be subject to copyright and legal privilege and no related rights are waived. If you are not the intended recipient or its agent, any review, dissemination, distribution or copying of this e-mail or any of its content is strictly prohibited and may be unlawful. All messages may be monitored as permitted by applicable law and regulations and our policies to protect our business. E-mails are not secure and you are deemed to have accepted any risk if you communicate with us by e-mail. If received in error, please notify us immediately and delete the e-mail (and any attachments) from any computer or any storage medium without printing a copy.

Ce courriel (ainsi que ses pi?ces jointes) est confidentiel, exclusif, et peut faire l?objet de droit d?auteur et de privil?ge juridique; aucun droit connexe n?est exclu. Si vous n??tes pas le destinataire vis? ou son repr?sentant, toute ?tude, diffusion, transmission ou copie de ce courriel en tout ou en partie, est strictement interdite et peut ?tre ill?gale. Tous les messages peuvent ?tre surveill?s, selon les lois et r?glements applicables et les politiques de protection de notre entreprise. Les courriels ne sont pas s?curis?s et vous ?tes r?put?s avoir accept? tous les risques qui y sont li?s si vous choisissez de communiquer avec nous par ce moyen. Si vous avez re?u ce message par erreur, veuillez nous en aviser imm?diatement et supprimer ce courriel (ainsi que toutes ses pi?ces jointes) de tout ordinateur ou support de donn?es sans en imprimer une copie. 