[botnets] new srizbis, more links

2008-08-30 Thread Jose Nazario
Date: Fri, 29 Aug 2008 18:00:28 +
From: Jenna S. [EMAIL PROTECTED]
Subject: Hi, remember me?..
in archive my new fotos hxxp://xsitejobs.com/myfoto.exe
Jenna :)
link de-fanged. more URLs
hxxp://shot-by-frogg.de/My_foto.exe
hxxp://armonia-spa.com.ar/My_foto.exe

[botnets] mal links from a honeyclient

2008-08-30 Thread Jose Nazario
Bulk mode; whois.cymru.com [2008-08-29 21:32:08 +]
39392 | 88.86.113.138| hxxp://ekoterra.unas.cz/index_9.html | SUPERNETWORK-AS SuperNetwork s.r.o.
26496 | 208.109.220.165 | hxxp://drfrankensteins.com/index_9.html | PAH-INC - GoDaddy.com, Inc.
26753 | 65.61.216.103|

Re: [botnets] nepenthes / honeypot dump list: volunteers and instructions

2008-08-30 Thread Charles Wyble
Sweet! I subscribed and will deploy a honeypot over the weekend. :) Gadi Evron wrote: Hi all. The honey pot dump mailing list is ready. Point your servers to report to; [EMAIL PROTECTED] To get us started I am quoting Jeremy, who came up with the idea of us pointing our nepenthes sensors

Re: [botnets] [phishing] facebook worms and id theft [was: Re: XP update phish/malware]

2008-08-30 Thread Juha-Matti Laurio
A good summary has been released at http://www.insidefacebook.com/2008/08/26/update-facebook-security-fighting-koobface-worm-chain-letters/ [switched to new message title now, handling FB worm etc.] Juha-Matti Gadi Evron [EMAIL PROTECTED] kirjoitti: Interesting, Do you or anyone else

Re: [botnets] Washington Post: Atrivo/Intercage, why are we peering with the American RBN? (fwd)

2008-08-30 Thread Gadi Evron
From: Marc Sachs [EMAIL PROTECTED] To: 'Gadi Evron' [EMAIL PROTECTED] Subject: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN? Unless I'm mis-reading this (or perhaps GBLX read Krebs' story and said good-bye to Atrivo/Intercage), it looks like they are no

Re: [botnets] Malware hosting site

2008-08-30 Thread Ivan_Macalintal
Thanks Dean for sharing this! There are about 16 or so exploits up on the site at the moment. Windows media player, quicktime, IE, etc I've not looked at all the latest pages yet so I'm not sure which are new or not. I've browsed thru the pages and there was nothing new there. Same old

Re: [botnets] Malware hosting site

2008-08-30 Thread Nick FitzGerald
Arturo 'Buanzo' Busleiman wrote: First post, hi everybody! -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dean De Beer wrote: This site appears to be run by the authors to host their malware. [...] hxxp://www.ahack.info The IP for www.ahack.info is: 203.202.239.59 According

Re: [botnets] Washington Post: Atrivo/Intercage, why are we peering with the American RBN? (fwd)

2008-08-30 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Gadi Evron [EMAIL PROTECTED] wrote: From: Marc Sachs [EMAIL PROTECTED] To: 'Gadi Evron' [EMAIL PROTECTED] Subject: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN? Unless I'm mis-reading this (or perhaps

Re: [botnets] Washington Post: Atrivo/Intercage, why are we peering with the American RBN? (fwd)

2008-08-30 Thread Jeremy
Another nice nepenthes virtual machine is available here: http://ids.surfnet.nl/wiki/doku.php?id=global:downloadable_demo There are many more. I just wanted to post a couple easy options to get you up and running. -Jeremy