[nsp-sec] Adding Destination Address to Conficker C Reports
Tim Wilde
twilde at cymru.com
Mon Jun 8 10:16:31 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 6/1/2009 2:08 PM, Tim Wilde wrote:
> In response to concerns about difficulties tracking down Conficker
> infected systems behind NATs and proxies, we have determined that we can
> safely provide destination IP addresses for Conficker reports that were
> generated by our Conficker C sinkhole. As such, we will be adding
> another optional bit at the end of these reports. We will modify our
> processing to include this data next Monday, June 8th, so you will begin
> to see it in the reports generated on 2009-06-09 UTC. Please read
> further for details of the new piece of information.
Team,
Just a reminder, this change has now been made in our systems, so you
will begin seeing destaddr information for Conficker C sinkhole hits
with tomorrow's Daily Reports run, as described in my original e-mail on
this thread. This is also documented on the Daily Reports bots category
page:
https://www.cymru.com/nsp-sec/dailyreports/bots.html
Thank you as always for your support!
Regards,
Tim
- --
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFKLR0/luRbRini9tgRApCQAJ9UGgU7NTqb2bGHj0F5JP8E7OTn7ACfTJ4r
cSeCkH/HebymLUccxL4OtzI=
=XefB
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list