[nsp-sec] Two Flashback C&Cs: HE, NTT, Internap, Limelight
Nicholas Ianelli
ni at allyourinfoarebelongto.us
Thu Apr 19 11:30:01 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/19/2012 11:10 AM, Bill Woodcock wrote:
> ----------- nsp-security Confidential --------
>
>
>>>> rfffnahfiywyd.net
>>>> vxvhwcixcxqxd.net
>>>>
>>>> AS   | IP           | AS Name
>>>> 6939 | 74.207.249.7 | HURRICANE - Hurricane Electric, Inc.
>
>> I've been told this may be a security organization in Canada,
>> Unveillance (e.g., Karim Hijazi, Matt Thompson).
>
>
> Apple is distinguishing between sinkholes and C&C, and the two IPs
> they handed over were the things they most wanted taken down. I
> can't speak further than that.
>
> I think there's a slippery slope when one starts distinguishing
> between "good" and "bad" C&C and letting some continue.

I'm not suggesting one action over another. Just providing information.
I haven't been heads deep in this particular threat, just playing in my
spare time.

I can't recall if HE folks ever made it to this list. You may wish to
reach out to contacts directly if you haven't already. Happy to provide
you with the people I've worked with, though you probably have the same
contacts.

If wanted, Matt can be reached via email for conversation,
mthompson at hexwave.com.

I can also pass on some contacts at GoDaddy if you'd like to do
something about the domains as well.

Cheers,
Nick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk+QL3YACgkQi10dJIBjZIAZeQCfTkwDhSdh4u9Xg9iMxOXuBeSA
9B0An0TQSqQr96da8qZ8Z0Us1MwVyPXj
=/mgH
-----END PGP SIGNATURE-----