Full Disclosure mailing list archives
Re: Compromised hosts lists
From: Jason Coombs <jasonc () science org>
Date: Tue, 21 Feb 2006 13:04:30 +1300
James Lay wrote:
I had heard tale of a site that had a semi-updated list of compromised hosts. I was hoping that someone knows that link...would LOVE to be able to get my firewall to get this list and auto-create an iptables rule. Thanks all!
Various forms of malware autopopulate central compromised host directories which botnet or drone army operators use to assemble their lists... I've found these to be particularly useful in defending against criminal prosecutions of persons whose Windows boxes were added to such lists during a time period in which computer forensic evidence found in their possession appears to incriminate their computer (and by extension, the computer owner) as a tool of the alleged crime.
I'd like a better history of compromised hosts for this purpose, and suggest that botnet operators be required to publish their logs. ;-)
Regards, Jason Coombs jasonc () science org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Compromised hosts lists James Lay (Feb 20)
- Re: Compromised hosts lists Jason Coombs (Feb 20)
- Re: Compromised hosts lists Gadi Evron (Feb 20)
- Re: Compromised hosts lists Valdis . Kletnieks (Feb 20)
- Re: Compromised hosts lists James Lay (Feb 21)
- Re: Compromised hosts lists Valdis . Kletnieks (Feb 21)
- Re: Compromised hosts lists Frank Knobbe (Feb 21)
- Re: Compromised hosts lists Valdis . Kletnieks (Feb 21)
- Re: Compromised hosts lists James Lay (Feb 21)
- <Possible follow-ups>
- Re: Compromised hosts lists security czar (Feb 22)