[nsp-sec] Adding Destination Address to Conficker C Reports
SURFcert - Peter
p.g.m.peters at utwente.nl
Fri Jun 5 15:42:48 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nicholas Ianelli wrote on 2009-06-05 0:07:
>> Will we see destination addresses in Mebroot reports to in the near
>> future? We are having the same problems with NAT users. And Mebroot is a
>> lot more difficult to detect on systems.
>
> Here are a number of the IPs Mebroot domains have used in the very
> recent past:
>
> 65.60.42.26
> 65.60.34.186
> 69.64.75.66
> 67.212.179.130
> 66.240.243.155
> 206.225.86.123
How far can these addresses be distributed? Members of our constituency
would like to have them to check their NAT boxes. But even some end
users might want to know them if they don't trust their network people.
(That happens;)
- --
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl http://cert.surfnet.nl/
office-hours: +31 302 305 305 emergency (24/7): +31 622 923 564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFKKXU4elLo80lrIdIRAteEAJ9U+9SVOxyeKkj81fPB0LlQgY4JTwCeJiA/
++veiKnBiDLkl0KSY0KcDKU=
=lkaB
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list