[botnets] reviving this list, allowing sharing

2008-08-27 Thread Gadi Evron
To report a botnet PRIVATELY please email: [EMAIL PROTECTED] -- Hi. When this list was started a while back a lot of sharing and discussion was happening. This made us take a step back at the time. Today, when most of this information can do far more good than harm, it is my strong

[botnets] fake AV (malicious) sites

2008-08-27 Thread Gadi Evron
bestantivirus2009 com iframe with exploits: huytegygle com/index.php --script huytegygle com/bin/ file.exe This information is from: http://sunbeltblog.blogspot.com/2008/08/xp-antivirus-2008-now-with-sploits.html Lots of

[botnets] SQL Injection bot?

2008-08-27 Thread J. Oquendo
Hey all, (hopefully many are still around) re-sending this as it was bounced before... Additional comments after original message: // BEGIN From [EMAIL PROTECTED] Sat Aug 9 14:24:35 2008 Date: Sat, 9 Aug 2008 14:24:35

[botnets] Another bogus greeting card spamming a malware URL

2008-08-27 Thread Gadi Evron
Another bogus greeting card spamming a malware URL (again, one I've seen for a few days now and still live): h ttp://u gm-records.de/e-card.exe Detection wise...Someone already sent it to VT: http://www.virustotal.com/analisis/50bf6f61971f349a5de651aa5515607f As usual, several days later

Re: [botnets] reviving this list, allowing sharing

2008-08-27 Thread Jeremy
I propose that each and every one of us on this list configure our nepenthes boxes with the email address of this distribution list, so we can share information about new botnet clients in real time. Thoughts? -Jeremy On Wed, Aug 27, 2008 at 4:41 PM, Gadi Evron [EMAIL PROTECTED] wrote: To

Re: [botnets] reviving this list, allowing sharing

2008-08-27 Thread James Pleger
I think that is a bit too high volume for this list, maybe throwing honeypot logs to an aggregator and then sending a daily digest would be more appropriate. James Pleger e: [EMAIL PROTECTED] On Wed, Aug 27, 2008 at 6:10 PM, Jeremy [EMAIL PROTECTED] wrote: I propose that each and every one of

[botnets] CC: 195.5.216.10:7007

2008-08-27 Thread Gadi Evron
Contacting server 195.5.216.10:7007 Connection with 195.5.216.10:7007 (49153) established *** highkey, *** MAP KNOCK SAFELIST HCN MAXCHANNELS=10 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307 MAXTARGETS=15 AWAYLEN=307 :are supported by this server *** WALLCHOPS WATCH=128 SILENCE=15 MODES=12

Re: [botnets] reviving this list, allowing sharing

2008-08-27 Thread Joel Esler
On Aug 27, 2008, at 9:10 PM, Jeremy wrote: I propose that each and every one of us on this list configure our nepenthes boxes with the email address of this distribution list, so we can share information about new botnet clients in real time. Thoughts? I like the idea. I'm all for it. J

Re: [botnets] reviving this list, allowing sharing

2008-08-27 Thread Michael Collins
This is just off the top of my head, but if traceability is a problem, why not use an anonymous remailer or mixmaster? Have the source sign the message for authenticity, and you'd get validity without traceability. On Aug 27, 2008, at 9:19 PM, Gadi Evron wrote: On Wed, 27 Aug 2008,

Re: [botnets] reviving this list, allowing sharing

2008-08-27 Thread Steven Adair
I agree here. It'd be a bit much and cause people to unsubscribe if there's not some digest type format. The malware would still have to be sandboxed in some fashion to be overly relevant. Just having information from nepenthes will give you limited information. Also, unless there's a way to