[nsp-sec] conficker list ACK 8001
Smith, Donald
Donald.Smith at qwest.com
Thu Jan 15 12:31:40 EST 2009
I have begun processing the rest of the logs.
An update will be available later this week.
(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Smith, Donald
> Sent: Thursday, January 15, 2009 9:38 AM
> To: 'Ryan Pavely'; 'nsp-security at puck.nether.net'
> Subject: Re: [nsp-sec] conficker list ACK 8001
>
> ----------- nsp-security Confidential --------
>
> I only processed 1 out of four lists.
> 2 were from the 12th and 2 from the 13th; total size was about
> 250MB for the 4 files.
>
> I processed the largest one from the 12th.
> I suspected there would be lots of duplicates in the other
> files and it took nearly about 4 hours to process that one list.
> I am debating processing the others (in my spare time) and
> providing another report later this week. Since others have
> validated the list it is probably worth my time to do so.
>
>
>
> This is a real bugger to remove.
> MSRT was recently updated to remove it, but if a machine is
> infected, any domain with Microsoft in it will be blocked
> (such as microsoft.com) along with many other antivirus and
> security sites. F-Secure has a list of names that are blocked.
>
> Also if anyone has a copy of conficker.B I would like a copy
> for testing.
>
> TIA
>
> (coffee != sleep) & (!coffee == sleep)
> Donald.Smith at qwest.com gcia
>
> > -----Original Message-----
> > From: nsp-security-bounces at puck.nether.net
> > [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> > Ryan Pavely
> > Sent: Thursday, January 15, 2009 7:28 AM
> > To: 'nsp-security at puck.nether.net'
> > Subject: Re: [nsp-sec] conficker list ACK 8001
> >
> > ----------- nsp-security Confidential --------
> >
> > Only one IP. My network feels so small lately. We haven't
> > been part of any good worms..
> >
> > Wait.. that's a good thing!
> >
> >
> > Ryan Pavely
> > Director Research And Development
> > Net Access Corporation
> > http://www.nac.net/
> >
> >
> >
> > Smith, Donald wrote:
> > > ----------- nsp-security Confidential --------
> > >
> > > A source that wishes to remain anonymous provided me apache
> > > logs for one of the systems conficker checks in with or
> > > downloads from. Beth Young at more.net also has a list and
> > > has offered to cross check these against her known infected systems.
> > >
> > >
> > > Here are two links to the list. It contains over 700K unique
> > > IPs, so it was TOO large to upload via the cymru web gui in a
> > > single file; I had to split it.
> > >
> > > I only included the first time an IP checked in.
> > > Timezone is GMT -8:00
> > > link 1
> > > https://asn.cymru.com/nsp-sec/upload/1231957075.whois.txt
> > >
> > > link 2
> > > https://asn.cymru.com/nsp-sec/upload/1231958296.whois.txt
> > >
> > > Given the way I broke the list in half, there is a very good
> > > chance your ASN will appear on both lists.
> > >
> > > H8Hz
> > > Donald.Smith at qwest.com gcia
> > >
> > >
> > > _______________________________________________
> > > nsp-security mailing list
> > > nsp-security at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/nsp-security
> > >
> > > Please do not Forward, CC, or BCC this E-mail outside of
> > the nsp-security
> > > community. Confidentiality is essential for effective
> > Internet security counter-measures.
> > > _______________________________________________
> > >