[nsp-sec] conficker list

[Christoph Sprongl]

> Yes, it is good that our discussion lead to this.
>
> You may forward just remove references to nsp sec and myself:)
of sure anonymous

ch


>
> Donald.Smith at qwest.com<mailto:Donald.Smith at qwest.com>
> Please cc the handlers to keep them all in the loop.
> ________________________________
> From: Christoph Sprongl [ch at it-austria.net]
> Sent: Thursday, January 15, 2009 1:48 AM
> To: Smith, Donald
> Cc: 'nsp-security at puck.nether.net'
> Subject: Re: [nsp-sec] conficker list
>
> Hi Donald,
>
> great that our discussion brought up such a result and hopefully clean
> hosts :-)
>
> May i forward infected hosts from .AT-ISPs to local trusted and only
> relevant contacts?
>
> christoph
>
>
>> ----------- nsp-security Confidential --------
>>
>> A source that wishes to remain anonymous provided me apache logs for one
>> of the systems conficker checks in with or downloads from. Beth Young at
>> more.net also has a list and has offered to cross check these against
>> her
>> known infected systems.
>>
>>
>> Here are two links to the list it contains over 700K uniq ips so it was
>> TOO large to upload via the cymru web gui in a single file I had to
>> split
>> it.
>>
>> I only included the first time an IP checked in.
>> Timezone is GMT -8:00
>> link 1
>> https://asn.cymru.com/nsp-sec/upload/1231957075.whois.txt
>>
>> link 2
>> https://asn.cymru.com/nsp-sec/upload/1231958296.whois.txt
>>
>> Given the way I broke the list in half there is a very good chance your
>> ASN will appear on both lists.
>>
>> H8Hz
>> Donald.Smith at qwest.com gcia
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the
>> nsp-security
>> community. Confidentiality is essential for effective Internet security
>> counter-measures.
>> _______________________________________________
>>
>>
>
>
>
>