Thanks, Andrew. I was out and about, and couldn't remember the prefixes off-hand. They should have been in that PDF, iirc On Apr 26, 2012 6:01 PM, "Andrew Latham" <[email protected]> wrote:
> On Thu, Apr 26, 2012 at 5:57 PM, Kyle Creyts <[email protected]> > wrote: > > > http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf > > > > On Apr 26, 2012 5:48 PM, "Leigh Porter" <[email protected]> > > wrote: > >> > >> > >> On 26 Apr 2012, at 22:47, "Andrew Latham" > >> <[email protected]<mailto:[email protected]>> wrote: > >> > >> > >> On Thu, Apr 26, 2012 at 5:38 PM, Jeroen van Aart > >> <[email protected]<mailto:[email protected]>> wrote: > >> > >> Yes its a major problem for the users unknowingly infected. To them > >> it will look like their Internet connection is down. Expect ISPs to > >> field lots of support s > >> > >> Is there a list of these temporary servers so I can see what customers > are > >> using them (indicating infection) and head off a support call with some > >> contact? > >> > >> -- > >> Leigh > > 85.255.112.0 through 85.255.127.255 > 67.210.0.0 through 67.210.15.255 > 93.188.160.0 through 93.188.167.255 > 77.67.83.0 through 77.67.83.255 > 213.109.64.0 through 213.109.79.255 > 64.28.176.0 through 64.28.191.255 > > -- > ~ Andrew "lathama" Latham [email protected] http://lathama.net ~ > >
