Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Compromised hosts lists
From: Jason Coombs <jasonc () science org>
Date: Tue, 21 Feb 2006 13:04:30 +1300

James Lay wrote:
I had heard tale of a site that had a semi-updated list of compromised
hosts.  I was hoping that someone knows that link...would LOVE to be
able to get my firewall to get this list and auto-create an iptables
rule.  Thanks all!

Various forms of malware autopopulate central compromised host directories which botnet or drone army operators use to assemble their lists... I've found these to be particularly useful in defending against criminal prosecutions of persons whose Windows boxes were added to such lists during a time period in which computer forensic evidence found in their possession appears to incriminate their computer (and by extension, the computer owner) as a tool of the alleged crime.

I'd like a better history of compromised hosts for this purpose, and suggest that botnet operators be required to publish their logs. ;-)

Regards,

Jason Coombs
jasonc () science org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault