[nsp-sec] Two Flashback C&Cs: HE, NTT, Internap, Limelight
Bill Woodcock
woody at pch.net
Thu Apr 19 11:10:37 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
>>> rfffnahfiywyd.net
>>> vxvhwcixcxqxd.net
>>> AS | IP | AS Name
>>> 6939 | 74.207.249.7 | HURRICANE - Hurricane Electric, Inc.
>
> I've been told this may be a security organization in Canada,
> Unveillance (e.g., Karim Hijazi, Matt Thompson).
Apple is distinguishing between sinkholes and C&C, and the two IPs they handed over were the things they most wanted taken down. I can't speak further than that.
I think there's a slippery slope when one starts distinguishing between "good" and "bad" C&C and letting some continue.
-Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJPkCruAAoJEG+kcEsoi3+HPo8P/RAD7/aTH126CMR3lq+lGQT2
BbOWlvzh0XRm2Gdr66j0WFnt2C3ZJFxVbWF2H6lQ5rSb/KZmD8MGtp155wBsiTGe
b/Jv7CnK4VfKEOVadLYnOgIIKay+84c7Fl1YHMdP9JUT26PrgveVoPa66F5LfFI1
smdTEX/QdDjS6+dXrKfLDLBf110yx71+05heoH2nTlmdAS8T4FckszL3RwoexpXM
tMKTUyuzhGgb+icHyyIA5fB7ww+fbu+I9ff1H0GScWWHtWQ8Ewoty0ot79NIwP5v
q8+9VsD2SXZReSFcyo5J9lpGwNFl7BIz9FBfcjbZdh41stE5unLGJ5TRQ4weEZVB
f8j0RB759gzSTKuxJScQ7X9xWcNyycQ974owCaSnsKgGydC+PQAiMFXl30IBEBav
5SSCrMeT38OC3Uz7AVvQyFWDcrBlF4l+l6iKbRLUqWTOyFSt3Bwn1fsgm7ocytga
g5TlNiIOn9IXFhZe4FsyTVrQ2x0OwR1s1mb/Oj2LWN9e+h34LwW5o7Q9LaxhN0Dq
jZKquRXYNc2AJeHD+bXrAJzuKDlu/q7dqBULPb/O/OeodohMwDbxIzuTw4f9q2Zd
vJykqQ5dRU/n2WGFOegpC6nQ1rbMVTeUREqukw7QXzzV09COA5HtHtuE7geCHGfD
Jyj2Zp8yI9awrOldRmHE
=khSj
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list