Re: [botnets] Capital One Bank News - Read About the Latest updates(fwd)

2008-08-29 Thread Michael Molsner
Hello, Here some more of those: hxxp://demurf.com/login.html hxxp://dexoim.com/login.html hxxp://himmdea.com/login.html hxxp://hunerim.com/login.html hxxp://jerrrood.com/login.html hxxp://jimmedy.com/login.html hxxp://jioece.com/login.html hxxp://jioeres.com/login.html

[botnets] Malware-links-290808

2008-08-29 Thread Michael Molsner
Hello, The following links were alive at time of check (Fri Aug 29 07:12:41 UTC) hx xp://87.229.108.47/index100.html hx xp://87.229.108.47/video66.exe hx xp://alderechoyalreves.com/adm/adn.php hx xp://alderechoyalreves.com/adm/l/link.php hx xp://atecnic.com/adm/adn.php hx

Re: [botnets] [EMAIL PROTECTED]: URL formats]

2008-08-29 Thread Paul Herring
On Fri, Aug 29, 2008 at 6:04 AM, T Biehn [EMAIL PROTECTED] wrote: Heartily Disagree, Standards are (usually) parse-friendly. I really don't feel like inventing some new indicator for your scripts of dubious worth. They aren't meant to be indicators. Any scripts (I imagine - I don't have any

Re: [botnets] [URL formats]

2008-08-29 Thread David Harley
I tend to use hxxp[s]:// -and- some random spaces. Substituting for the xx's and stripping the spaces isn't usually going to be a problem for scripting. -- David Harley BA CISSP FBCS CITP Director of Malware Intelligence ESET LLC I think it's better to add some SPACEs in the URL, kind of

[botnets] URL format thread killed: back to scheduled programming

2008-08-29 Thread Gadi Evron
When a proposal on the subject is created, it will be shared with all of you. For now... we are here to share, so let's share. Gadi. ___ botnets@, the public's dumping ground for maliciousness All list and server information are public and

Re: [botnets] [phishing] XP update phish/malware

2008-08-29 Thread Michael Molsner
- Original Message - H -- if the collective we thinks 12 hours is a quick response time for this sort of thing, it's no wonder we're losing so badly... The 'sort of thing' in the mentioned case were 'just' redirecting spam. Takedown was _anywhere_ within 12 h, no exact tracking

Re: [botnets] URL formats -blacklist=censorship

2008-08-29 Thread Dave Ellingsberg
Tell me how this works for a large site that has one piece of malware! badhost.com contains every wiki ever written, and because badguys.com slipped an SQL trick in and a redirect, then we should block everything in badhost.com. Does not work this way in an edu domain, somebody will cry academic

Re: [botnets] botnets Digest, Vol 26, Issue 7

2008-08-29 Thread Big R
-- Message: 1 Date: Thu, 28 Aug 2008 7:59:35 -0700 From: Steven Adair [EMAIL PROTECTED] Subject: Re: [botnets] [phishing] XP update phish/malware To: Discini, Sonny [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], Steve Pirk

[botnets] danmec download point

2008-08-29 Thread Brack o'Malley
I harvested 1700 SQL injection attempts by danmec related infectors. Targets included 200 exposed honeypots (er, oops, I mean client maintained servers) dispersed across widely varied address ranges. In every case this URL was the download point: http://www0.douhunqn.cn/csrss/w.js brack

Re: [botnets] URL formats -blacklist=censorship

2008-08-29 Thread Johannes Ullrich
May I remind everybody that the purpose of this list is to share information. What you do with this information is up to you (more or less). If you use it as a blacklist: fine, I hope you know what you are doing... On Fri, Aug 29, 2008 at 10:09 AM, [EMAIL PROTECTED] wrote: Tell me how this

Re: [botnets] [URL formats]

2008-08-29 Thread David Harley
Well, if it's really a problem, the spaces don't have to be random, but it shouldn't be difficult in most scripting languages to strip spaces in a string that shouldn't contain any spaces. -- David Harley BA CISSP FBCS CITP Director of Malware Intelligence ESET LLC -Original Message-

Re: [botnets] [URL formats]

2008-08-29 Thread freed0
Spaces suck because they are never in the same place and then you cannot really easily automate the import process into whatever system you may have that would work on it. I think that the hxxp[x] solution is an easy and fine one that is easy for everyone to use. Using any other type of

Re: [botnets] URL formats -blacklist=censorship

2008-08-29 Thread John C. A. Bambenek, GCIH, CISSP
I work in an edu (for a couple more weeks at least), we'll block hacked wikis. Why? Because we understand that giving people a platform for attack just isn't good policy. We need not have the internet controlled by the bottom-feeders out of some ridiculous fear of censorship or hindering

[botnets] Malware hosting site

2008-08-29 Thread Dean De Beer
This site appears to be run by the authors to host their malware. It's been around for a long time now. I track it on and off to see if they add any new exploits. Since its inception they have refined the code and exploits. I've been looking at it for about 8 months on and off but I think it's

[botnets] nepenthes / honeypot dump list: volunteers and instructions

2008-08-29 Thread Gadi Evron
Hi all. The honeypot dump mailing list is ready. Point your servers to report to: [EMAIL PROTECTED] To get us started I am quoting Jeremy, who came up with the idea of us pointing our nepenthes sensors to a mailing list. He is providing simple instructions on how to get started using

Re: [botnets] danmec download point

2008-08-29 Thread Joe Stewart
On Friday 29 August 2008, Brack o'Malley wrote: I harvested 1700 SQL injection attempts by danmec related infectors. Targets included 200 exposed honeypots (er, oops, I mean client maintained servers) dispersed across widely varied address ranges. In every case this URL was the download

[botnets] Malware hosting site

2008-08-29 Thread Dean De Beer
Resend. Not sure if the last email went through. This site appears to be run by the authors to host their malware. It's been around for a long time now. I track it on and off to see if they add any new exploits. Since its inception they have refined the code and exploits. I've been looking at it

[botnets] Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Gadi Evron
This Washington Post story came out today: http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html I have some thoughts relating more to network operations, but some of you may be interested in following up on this. In the story, Brian Krebs discusses the SF