[nsp-sec] [SPAM] Re: Two Flashback C&Cs: HE, NTT, Internap, Limelight

Chip Gwyn cgwyn at internap.com
Thu Apr 19 11:38:10 EDT 2012


Internap checking in.

  We're starting to poke around.

Thanks,

--chip

On Thu, Apr 19, 2012 at 11:30 AM, Nicholas Ianelli <ni at allyourinfoarebelongto.us> wrote:

> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 04/19/2012 11:10 AM, Bill Woodcock wrote:
> > ----------- nsp-security Confidential --------
> >
> >
> >>>> rfffnahfiywyd.net vxvhwcixcxqxd.net
> >>>> AS      | IP               | AS Name
> >>>> 6939    | 74.207.249.7     | HURRICANE - Hurricane Electric, Inc.
> >
> >> I've been told this may be a security organization in Canada,
> >> Unveillance (e.g., Karim Hijazi, Matt Thompson).
> >
> >
> > Apple is distinguishing between sinkholes and C&C, and the two IPs
> > they handed over were the things they most wanted taken down.  I
> > can't speak further than that.
> >
> > I think there's a slippery slope when one starts distinguishing
> > between "good" and "bad" C&C and letting some continue.
>
> I'm not suggesting one action over another. Just providing information.
> I haven't been heads deep in this particular threat, just playing in my
> spare time.
>
> I can't recall if HE folks ever made it to this list. You may wish to
> reach out to contacts directly if you haven't already. Happy to provide
> you with the people I've worked with, though you probably have the same
> contacts.
>
> If wanted, Matt can be reached via email for conversation,
> mthompson at hexwave.com.
>
> I can also pass on some contacts at GoDaddy if you'd like to do
> something about the domains as well.
>
> Cheers,
> Nick
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iEYEARECAAYFAk+QL3YACgkQi10dJIBjZIAZeQCfTkwDhSdh4u9Xg9iMxOXuBeSA
> 9B0An0TQSqQr96da8qZ8Z0Us1MwVyPXj
> =/mgH
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>



-- 

--chip


Chip Gwyn | IP Network Architecture
---------------------------------------------------------------
Phone 404.302.9976
cgwyn at internap.com  *  www.internap.com

INTERNAP
connectivity | colocation | managed hosting | cloud

One Ravinia Drive . Suite 1300 . Atlanta . GA . 30346


