[Full-disclosure] Compromised hosts lists
Jason Coombs
jasonc at science.org
Tue Feb 21 00:04:30 GMT 2006
James Lay wrote:
> I had heard tale of a site that had a semi-updated list of compromised
> hosts. I was hoping that someone knows that link...would LOVE to be
> able to get my firewall to get this list and auto-create an iptables
> rule. Thanks all!
Various forms of malware autopopulate central compromised host
directories which botnet or drone army operators use to assemble their
lists... I've found these to be particularly useful in defending against
criminal prosecutions of persons whose Windows boxes were added to such
lists during a time period in which computer forensic evidence found in
their possession appears to incriminate their computer (and by
extension, the computer owner) as a tool of the alleged crime.
I'd like a better history of compromised hosts for this purpose, and
suggest that botnet operators be required to publish their logs. ;-)
Regards,
Jason Coombs
jasonc at science.org
Full-Disclosure is hosted and sponsored by Secunia.