IDS mailing list archives

RE: Spyware Master Hosts DB

From: "Harper, Patrick" <Patrick.Harper () phns com>
Date: Sat, 2 Apr 2005 13:08:13 -0600

Still not sure what you are talking about.  The bleeding snort project
has some spyware and malware rule sets for Snort.  www.bleedingsnort.com
and www.snort.org.  Is that what your looking for? 

-----Original Message-----
From: Konstantin Khrooschev [mailto:nathoo () rtsnet ru] 
Sent: Saturday, April 02, 2005 9:04 AM
To: Harper, Patrick
Cc: focus-ids () securityfocus com
Subject: Re: Spyware Master Hosts DB

Harper, Patrick wrote:

Something like this?
http://www.bleedingsnort.com/blackhole-dns/

thanks for great resource, but it isn't exactly what mean.

i think about special trusted DNS somewhere on the net doing reverse
lookup
every known "master" host ip to something like 
master1.gator.in-addr.spyware for example.
firewall log analiser script can use it automatically to detect
infection.

-----Original Message-----
From: Konstantin Khrooschev [mailto:nathoo () rtsnet ru] 
Sent: Friday, April 01, 2005 1:55 AM
To: focus-ids () securityfocus com
Subject: Spyware Master Hosts DB

hello all!
can anybody say something about idea of spyware owners network database
to use in network ids.
i mean of course not db of every infected computer on the net :-) but
database of "master" computer addresses, to which victims try to send
information.
i think, it may be something like dns based open relay db.







-----------------------------------------
Disclaimer:  This electronic message, including any attachments, is
confidential and intended solely for use of the intended recipient(s). This
message may contain information that is privileged or otherwise protected
from disclosure by applicable law. Any unauthorized disclosure,
dissemination, use or reproduction is strictly prohibited. If you have
received this message in error, please delete it and notify the sender
immediately.


--------------------------------------------------------------------------
Stop hurting your network!

The NeVO passive vulnerability sensor continuously finds vulnerabilities,
applications and new hosts without the need for network scanning.
It also finds compromised systems with application-based intrusion detection.
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------

Current thread:

Spyware Master Hosts DB Konstantin Khrooschev (Apr 01)
- <Possible follow-ups>
- RE: Spyware Master Hosts DB Harper, Patrick (Apr 04)
  - Re: Spyware Master Hosts DB Konstantin Khrooschev (Apr 04)
- RE: Spyware Master Hosts DB Harper, Patrick (Apr 04)
  - Re: Spyware Master Hosts DB Rodrigo Barbosa (Apr 05)