[nsp-sec] Adding Destination Address to Conficker C Reports
SURFcert - Peter
p.g.m.peters at utwente.nl
Thu Jun 4 16:44:23 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Tim,
Tim Wilde wrote on 2009-06-01 20:08:
> In response to concerns about difficulties tracking down Conficker
> infected systems behind NATs and proxies, we have determined that we can
> safely provide destination IP addresses for Conficker reports that were
> generated by our Conficker C sinkhole. As such, we will be adding
> another optional bit at the end of these reports. We will modify our
> processing to include this data next Monday, June 8th, so you will begin
> to see it in the reports generated on 2009-06-09 UTC. Please read
> further for details of the new piece of information.
Will we see destination addresses in Mebroot reports to in the near
future? We are having the same problems with NAT users. And Mebroot is a
lot more difficult to detect on systems.
- --
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl http://cert.surfnet.nl/
office-hours: +31 302 305 305 emergency (24/7): +31 622 923 564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFKKDInelLo80lrIdIRAnyEAJ4xq3bv/wyoE3WYtNzEzK+fWK0OwACgoXik
VB8/Djx3+WNW8G6ZYQuanfA=
=GcDC
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list