| Subject: | [Snort-sigs] Listeningpost IP |
|---|---|
| Date: | Sat, 29 Dec 2007 16:06:49 -0500 |

Because of a couple private requests, we're also reviving the spyware listeningpost at emerging threats. That's also down while the bleeding infrastructure has been taken offline.

For those of you using David Glosser's DNS-BH (malware-domains.com) and want to point your spyware hits to the Spyware Listening Post, please use the following IP:

75.125.225.163

This also is resolved by listeningpost.emergingthreats.net.

If you're not familiar, this is a listening webserver that just logs the domain requested, URL, and user agent. We then have been feeding this to some normalizing scripts and have written a huge number of the spyware snort sigs from that data.

In emerging threats we're going to expand that data mining in a number of ways. We'll be using that data to help make some smaller lists of more active domains, some advance warning for new fast flux domains, and hopefully some additional C&C tracking for http based botnets.

First off though we're going to try to get some top 20 type lists of most active spyware, most active domains, oldest/newest c&c, etc.

Eventually, if things go as anticipated, we may even be able to expand this to an auto-notify service if you register your source IPs to get a report of what came at us, and what likely infections we'd seen.

More as we get there though!

Matt

--

Matthew Jonkman
Emerging Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Fax 61-29-4750-026
http://www.emergingthreats.net

PGP: http://www.jonkmans.com/mattjonkman.asc
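
The kind of normalizing and "top N" aggregation the message describes, as an added example that is not part of the original post and is not Emerging Threats' own script. The tab-separated log layout, the function names and every sample value are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log: timestamp, source IP, Host header, URL, User-Agent.
# Tab-separated layout is an assumption, not the listening post's real format.
SAMPLE_LOG = """\
2007-12-29T16:10:01Z\t192.0.2.10\tAds.Tracker.example\t/get.php?id=1001&v=2\tSpyAgent/1.0
2007-12-29T16:10:05Z\t192.0.2.10\tads.tracker.example:80\t/get.php?id=1002&v=2\tSpyAgent/1.0
2007-12-29T16:11:40Z\t192.0.2.77\tads.tracker.example.\t/get.php?id=9&v=2\tSpyAgent/1.0
2007-12-29T16:12:13Z\t198.51.100.4\tupdate.toolbar.example\t/chk?ver=3.1\tMozilla/4.0 (compatible; MSIE 6.0)
malformed line without enough fields
2007-12-29T16:15:02Z\t198.51.100.4\tupdate.toolbar.example\t/chk?ver=3.1\tToolbarUpd
"""

def normalize_host(host):
    """Lower-case the Host header, drop a numeric port and a trailing dot."""
    host = host.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host.rstrip(".")

def url_pattern(url):
    """Keep the path and parameter names; drop per-request parameter values."""
    parts = urlsplit(url)
    names = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
    return parts.path + ("?" + "&".join(n + "=" for n in names) if names else "")

def summarize(log_text, top_n=20):
    """Aggregate hits per domain, distinct clients, and request patterns."""
    hits, patterns, sources, skipped = Counter(), Counter(), defaultdict(set), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 5:          # count, but never trust, malformed input
            skipped += 1
            continue
        _ts, src, host, url, agent = fields
        domain = normalize_host(host)
        hits[domain] += 1
        sources[domain].add(src)
        patterns[(domain, url_pattern(url), agent.strip())] += 1
    return {"top_domains": hits.most_common(top_n),
            "clients": {d: len(s) for d, s in sources.items()},
            "patterns": patterns, "skipped": skipped}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for domain, count in report["top_domains"]:
        print(f"{count:5d} hits  {report['clients'][domain]:3d} clients  {domain}")
```

Grouping on (domain, URL pattern, user agent) collapses requests that differ only in parameter values, which is what makes a recurring check-in stand out from one-off hits.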