To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
List,
I have a team that has been performing research against information
collected from shadowserver. So far I'm seeing that bots are not
compromising major businesses, but do have a significant indirect negative
impact on those businesses.
Has anyone seen bots coming from IP addresses registered to major
businesses? Has anyone seen C&C servers installed on networks run by major
businesses? Or, are these compromises mostly smaller businesses and home
users?
On 2/16/07 6:43 PM, "Tom" <[EMAIL PROTECTED]> wrote:
>>
>> On Wed, 14 Feb 2007, Jeremy Epstein wrote:
>>> There was also a really entertaining presentation from Patrick Petersen of
>>> IronPort at RSA, in which he mentioned use of defaced web sites as proxy
>>> forwarders for spammers. According to the presentation, the spammers have a
>>> fairly sophisticated toolkit that takes over the site and turns it into a
>>> pharmacy (or whatever) redirect site. A different goal from the Websense
>>> presentation, but still a purpose other than simple defacement.
>>
>> Indeed. I can post some screenshots of some of these tools if you are
>> interested in them.
>>
>> Anon remailers, spam tools, etc. More and more spam is being sent using
>> web servers.
>>
>> I am looking for someone to volunteer to create SpamAssassin rules based
>> on how these tools send mail.
>
> Rules are easy when either you don't have it installed or you are
> proactive and installed it in a non-default location which is what we
> do.
>
> I have a couple of rules based upon log analysis and can probably
> generate more but can't you just use:
> http://bleedingthreats.net/bleeding-web.rules
> http://bleedingthreats.net/bleeding-exploit.rules
> http://bleedingthreats.net/bleeding-attack_response.rules
>
> Tom
--
Regards,
Adriel T. Desautels
Chief Technology Officer - Netragard, LLC
Office: 617-924-4510 || Mobile : 857-636-8882
http://www.linkedin.com/pub/1/118/a45
http://www.netragard.com
-------------------------
"We make IT secure."
_______________________________________________
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets