To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- On Wed, 21 Feb 2007, Adriel T. Desuatels wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > List, > I have a team that has been performing research against information > collected from shadowserver. So far I'm seeing that bots are not > compromising major businesses, but do have a significant indirect negative > impact on those businesses. > > Has anyone seen bot coming from IP addresses registered to major > businesses? Has anyone seen C&C servers installed on networks run by major > businesses? Or, are these compromises mostly smaller businesses and home > users?
Try looking into spam blacklists... > > > > > On 2/16/07 6:43 PM, "Tom" <[EMAIL PROTECTED]> wrote: > > > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > > ---------- > >> > >> On Wed, 14 Feb 2007, Jeremy Epstein wrote: > >>> There was also a really entertaining presentation from Patrick Petersen > >>> of > >>> IronPort at RSA, in which he mentioned use of defaced web sites as proxy > >>> forwarders for spammers. According to the presentation, the spammers > >>> have > >>> a > >>> fairly sophisticated toolkit that takes over the site and turns it into a > >>> pharmacy (or whatever) redirect site. A different goal from the Websense > >>> presentation, but still a purpose other than simple defacement. > >> > >> Indeed. I can post some screenshots of some of these tools if you are > >> interested in them. > >> > >> Anon remailers, spam tools, etc. More and more spam is being sent using > >> web servers. > >> > >> I am looking for someone to volunteer to create spam assasin rules based > >> on how these tools send mail. > > > > Rules are easy when either you don't have it installed or you are > > proactive and installed it in a non default location which is what we > > do. > > > > I have a couple of rules based upon log analysis and can probably > > generate more but can't you just use: > > http://bleedingthreats.net/bleeding-web.rules > > http://bleedingthreats.net/bleeding-exploit.rules > > http://bleedingthreats.net/bleeding-attack_response.rules > > > > Tom > > -- > > Regards, > Adriel T. Desautels > Chief Technology Officer - Netragard, LLC > Office: 617-924-4510 || Mobile : 857-636-8882 > http://www.linkedin.com/pub/1/118/a45 > http://www.netragard.com > ------------------------- > "We make IT secure." > > > _______________________________________________ > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > All list and server information are public and available to law enforcement > upon request. > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets > _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
