Date: Fri, 29 Aug 2008 18:00:28 +
From: Jenna S. [EMAIL PROTECTED]
Subject: Hi, remember me?..
in archive my new fotos
hxxp://xsitejobs.com/myfoto.exe
Jenna :)
link de-fanged. more URLs
hxxp://shot-by-frogg.de/My_foto.exe
hxxp://armonia-spa.com.ar/My_foto.exe
Bulk mode; whois.cymru.com [2008-08-29 21:32:08 +]
39392 | 88.86.113.138| hxxp://ekoterra.unas.cz/index_9.html | SUPERNETWORK-AS SuperNetwork s.r.o.
26496 | 208.109.220.165 | hxxp://drfrankensteins.com/index_9.html | PAH-INC - GoDaddy.com, Inc.
26753 | 65.61.216.103|
Sweet!
I subscribed and will deploy a honeypot over the weekend. :)
Gadi Evron wrote:
Hi all.
The honey pot dump mailing list is ready. Point your servers to
report to;
[EMAIL PROTECTED]
To get us started I am quoting Jeremy, who came up with the idea of us
pointing our nepenthes sensors
A good summary has been released at
http://www.insidefacebook.com/2008/08/26/update-facebook-security-fighting-koobface-worm-chain-letters/
[switched to new message title now, handling FB worm etc.]
Juha-Matti
Gadi Evron [EMAIL PROTECTED] kirjoitti:
Interesting,
Do you or anyone else
From: Marc Sachs [EMAIL PROTECTED]
To: 'Gadi Evron' [EMAIL PROTECTED]
Subject: RE: Washington Post: Atrivo/Intercage,
why are we peering with the American RBN?
Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said
good-bye to Atrivo/Intercage), it looks like they are no
Thanks Dean for sharing this!
There are about 16 or so exploits up on the site at
the moment. Windows media player, quicktime, IE, etc. I've not
looked at all the latest pages yet so I'm not sure which are new or
not.
I've browsed thru the pages and there was nothing new there.
Same old
Arturo 'Buanzo' Busleiman wrote:
First post, hi everybody!
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Dean De Beer wrote:
This site appears to be run by the authors to host their malware.
[...]
hxxp://www.ahack.info
The IP for www.ahack.info is:
203.202.239.59
According
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Gadi Evron [EMAIL PROTECTED] wrote:
From: Marc Sachs [EMAIL PROTECTED]
To: 'Gadi Evron' [EMAIL PROTECTED]
Subject: RE: Washington Post: Atrivo/Intercage,
why are we peering with the American RBN?
Unless I'm mis-reading this (or perhaps
Another nice nepenthes virtual machine is available here:
http://ids.surfnet.nl/wiki/doku.php?id=global:downloadable_demo
There are many more. I just wanted to post a couple easy options to
get you up and running.
-Jeremy
___
botnets@, the public's