Educause Security Discussion mailing list archives
Re: Fwd: URGENT: bot net with keylogger
From: Eli Dart <dart () NERSC GOV>
Date: Tue, 13 Apr 2004 16:24:03 -0700
In reply to "Dave Monnier, IT Security Office, Indiana University" <dmonnier () IU EDU> :
Gary Flynn wrote:

I hope I didn't ruin somebody's investigation by posting that site info. I thought it might be important for people to know to block that site. I'm seeing incoming IM messages carrying that link on an ongoing basis now. It's hard to know when to keep quiet about sources and details to aid law enforcement and when to post information that may keep more machines from being compromised.

I hadn't disclosed that information publicly to the list because at the moment it is the only static piece of intelligence on the botnet. We've shut the botnet down 3 times now already and "itr"'s determination at keeping the network alive by changing IRC networks was what prompted that decision. We'll have to hope "itr" doesn't subscribe to EDUCAUSE-sec.

Hmmm....if this list is going to be used for real-time (or quasi-real-time) discussion of operational security issues and incidents, subscriptions _must_ be vetted. Otherwise, the attackers will be able to see what you do as you do it. If they can't now, it's only a matter of time till they figure it out.

Not sure what the criteria should be for subscription (I2 member? Connected to I2? R&E Network infrastructure?)..... I only fit into the last category (NERSC networking and security -- NERSC is a DOE entity, but having cross-pollination is a Good Thing in my book).

Anyway, I could be off in left hyperspace here, but Gary's comment made me think the issue worth raising....

--eli