To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Yes we do keep records. We see about 10-20 unique customers a day. Its dependent on the US Stock market index as that causes customers to login ;-) What we found after talking with a small group of customers was that none of them had any anti-virus deployed. All the customers are using IE so we suspect they must have visited a rougue site and gotten infected with malware. We don't have the resource to do indepth call interviews with the customers to figure out how they got the malware. What is interesting is they are fine (no symtoms) historically and the next thing you know they are infected. I wish we had a RBL like DNS list of ipaddress infected, that people can check to see if a customer of theirs logged in from. That way institutions can start doing some proactive messaging to alert the customer and hope to reduce this problem a little.
I don't have any hope Vista is going to solve this. Ashish -----Original Message----- From: Clinton Mielke [mailto:[EMAIL PROTECTED] Sent: Thursday, October 19, 2006 12:05 PM Cc: [email protected] Subject: Re: [botnets] QoS and bot traffic To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- I assume you guys keep logs of who calls, and when? Or at least when the deactivations occur on which client ip's? Would be a nice sample set to learn malware propagation patterns from. Desai, Ashish wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > > One approach is to de-activate the customer's network access > and hope they call the ISP customer support. When you de-activate, you > put a notation against the customer account that they have a > BOT/infection. _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
