nanog mailing list archives
RE: dealing with w32/bagle
From: Mike Damm <MikeD () irwinresearch com>
Date: Wed, 3 Mar 2004 14:55:52 -0800
We created bogus DNS entries for the following entries, known to be
targeted by the worm:
www.sportscheck.de www.songtext.net www.songtext.de www.maiklibis.de www.gfotxt.net postertog.de permail.uni-muenster.de
For what its worth ns{1,2,3,4}.everydns.net will answer for the wormy domains with 127.0.0.1 to help mitigate phone-home traffic. I just registered gfotxt.net (some appear to be registered while others are not) with the proper name servers and it should be visible worldwide along the normal timeline. Parties with control over the other mentioned domains or end user resolution are more than welcome to point them our way. We'll be generating some statistical data on DNS traffic and summarizing for anyone interested. -Mike
Current thread:
- Re: dealing with w32/bagle, (continued)
- Re: dealing with w32/bagle Stephen Milton (Mar 04)
- Re: dealing with w32/bagle Curtis Maurand (Mar 04)
- Message not available
- Re: dealing with w32/bagle JC Dill (Mar 05)
- Re: dealing with w32/bagle Jeff Shultz (Mar 05)
- The attachment mess, was w32/bagle David Lesher (Mar 05)