Interesting. Thanks. Bizarrely, the address in the whois record seems to be an outdoor clothing and camping kit outfit in Watford. But the registrant seems to have thought that Watford is in London. Not quite as bizarre as the 419-er who thought Edinburgh was in London.
--
David Harley BA CISSP FBCS CITP
Small Blue-Green World

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Julio Canto
> Sent: 23 April 2009 09:25
> To: funsec
> Subject: Re: [funsec] Finjan botnet story - fact or fiction?
>
> David Harley wrote:
> >> ESet is detecting it
> >> (http://www.eset.com/threat-center/blog/?p=995) but they don't seem
> >> to think it's a big-deal botnet.
> >
> > I hope that doesn't come back to haunt us. :-/
>
> FireEye published some comments about that same thing:
>
> http://blog.fireeye.com/research/2009/04/hexzone-ransomware-and-finjan.html#more
>
> "It is possible that the zombie count discussed in the Finjan
> article includes zombies from multiple botnets instead of
> one. The idea that a central management system is being used
> to control the complete botnetweb instead of an individual
> botnet looks more believable. A large figure like 1.9
> million zombies is also understandable when we think in terms
> of a botnetweb. Otherwise (in my personal opinion) a piece
> of malware like Hexzone which is known to rely mostly on
> social engineering and passive attacks to spread may not be
> able to gain such a size in a few months as Finjan illustrated."
>
> --
> Regards,
>
> Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025
> | Fax: +34.952.028.694 | PGP Key ID: EF618D2B | [email protected]
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
