[unisog] antivirus that works despite ssl

power less absolutelynopower at gmail.com
Tue Jul 10 17:43:53 GMT 2007


BTW in my exhausting coverage of the storm worm :-)  I should mention
this article:
http://www.securityfocus.com/news/11473
This explains a few things, I guess. I'm not well-versed in DNS, I'm afraid.

I take it they are not talking about the URLs in the storm messages
themselves?
Because those are IP numbers, not domain names, in most of the ones I
got. I

Two I just got:

Address:  24.93. 201.2
Name:    cpe-24-93-201-2.neo.res.rr.com

Address:  65.190. 29.151
Name:    cpe-065-190-029-151.triad.res.rr.com

I'd love to hear more about this dnsflux business. A comment to that article
asked:
"Why don't ISPs just block the inbound DNS traffic to home machines on
dynamic addresses? Do that and the distributed DNS part evaporates."

Is that true?

example messages:
****
Hi. School-mate has sent you a postcard.
See your card as often as you wish during the next 15 days.

SEEING YOUR CARD

If your email software creates links to Web pages, click on your card's
direct www address below while you are connected to the Internet:

http://24.93.do not click 201.2/?4b9999b98562bd22stay away
ca398b69146019a182349

Or copy and paste it into your browser's "Location" box (where Internet
addresses go).

We hope you enjoy your awesome card.

Wishing you the best,
Administrator,
Greeting-Cards.Com