[nsp-sec] Adding Destination Address to Conficker C Reports
Tim Wilde
twilde at cymru.com
Fri Jun 5 07:21:47 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 6/4/2009 4:44 PM, SURFcert - Peter wrote:
> Will we see destination addresses in Mebroot reports to in the near
> future? We are having the same problems with NAT users. And Mebroot is a
> lot more difficult to detect on systems.
Peter,
Nick has posted a few IPs that have been used by Mebroot domains
recently (thanks Nick!), but I do not expect we'll be providing specific
IPs in those domains in the near future, as we do not receive them from
our data provider for that feed. I can check with them to see if
they're interested in having this data provided to us and included in
the reports, but usually that type of data is avoided because it can
reveal the source. That's why the only place we're going to be
providing it from the start is on Conficker data generated from our own
internal sinkhole, not any of our data providers.
Thanks,
Tim
- --
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFKKP/LluRbRini9tgRAkTbAJ9H6q+3zkP1lGmVi7v4AvzUWHSdiQCeOr78
0UEykJbytjbzRb66bSCxBzU=
=iGmz
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list