Storm, meet Danchev - and SMTP Honeypots.
Dancho Danchev has been playing around with storm's fastflux and created some neat pictures showing how dynamic this network actually is.
His blog post is located here: http://ddanchev.blogspot.com/2007/09/storm-worms-fast-flux-networks.html
DISOG has been running internal SMTP honeypots for Stormworm since around August 15th. Since that date we've captured over 22,000 unique IP addresses!
Today was a slow day, 1651 unique IPs in just under 6000 emails. Since September 1st, we've managed to capture over 4685 unique IP addresses.
(Note, many IP's have been cleaned already, they are posted here for historical purposes only)
His blog post is located here: http://ddanchev.blogspot.com/2007/09/storm-worms-fast-flux
DISOG has been running internal SMTP honeypots for Stormworm since around August 15th. Since that date we've captured over 22,000 unique IP addresses!
Today was a slow day, 1651 unique IPs in just under 6000 emails. Since September 1st, we've managed to capture over 4685 unique IP addresses.
(Note, many IP's have been cleaned already, they are posted here for historical purposes only)
posted by Nicholas at
02:10
2 Comments
