[116624] in North American Network Operators' Group
RE: Botnet hunting resources
daemon@ATHENA.MIT.EDU (Tomas L. Byrnes)
Tue Aug 11 13:57:45 2009
Date: Tue, 11 Aug 2009 10:56:35 -0700
In-Reply-To: <00c901ca1a88$c8a59650$59f0c2f0$@freeman@csirt.ja.net>
From: "Tomas L. Byrnes" <tomb@byrneit.net>
To: "Bradley Freeman" <bradley.freeman@csirt.ja.net>, "NANOG" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>-----Original Message-----
>From: Bradley Freeman [mailto:bradley.freeman@csirt.ja.net]
>Sent: Tuesday, August 11, 2009 6:37 AM
>To: 'NANOG'
>Subject: RE: Botnet hunting resources
>
>I surprised that nobody has mentioned the work of shadowserver.org,
they
>are
>able to send reports of malware infections on your networks (see
>http://www.shadowserver.org/wiki/pmwiki.php/Services/Reports). The
>service
>has proved to a brilliant tool in mitigating various forms of malware
>such
>as Conficker with almost 0% false positives.
>
>Cheers
>
[TLB:] ThreatSTOP are a Shadowserver partner, and they, along with the
Cyber_TA project @ SRI, are the source of our botnet C&C block list.=20
