I think that's a really great idea - would love to see it implemented! As long as we're correctly using it as a URIBL rather than RBL, it should work fine.
My 2c, Jeremy
"Jeff Chan" jeffc@surbl.org wrote in message news:1187426940.46c6b27c7a216@mail.supranet.net...
As we know, the storm malware is responsible for a large number of compromised computers in botnets, for DDOS, for e-card, PDF, and stock spams, etc. A large number of storm e-card-advertised URI IP addresses are available from the XS data source but are not currently being listed on XS. (Those IPs, of course, are all or mostly bot-hosted web sites with malware loaders to further spread storm by compromising more computers and growing the botnets by infecting anyone who visits the sites.)
Shall we:
1. Blacklist those on XS
2. Add XS into multi.surbl.org as the 128th bit
In principle #1 and #2 could be separate issues, but to get maximum benefit if #1 is done then #2 should probably be done also.
XS will likely have much other data added to it in future, including non-storm domain names and other URI hosts. This would only be a first step. It's also worth noting that we don't intend XS to be a malware list; we're still focussed on unsolicited messages and that is the aspect that arguably makes the storm IPs appropriate for inclusion: their appearance in huge amounts of bot-sent unsolicited messages. It just happens that the messages are primarily meant to propagate storm, but they're still unsolicited, bulk, etc.
Also, regarding storm URI IPs, some are currently being added to SC and WS. Some are probably going onto JP and PH also. But the XS collection would probably be more comprehensive than the others for now.
Comments?
Jeff C.