18 Aug
2007
18 Aug
'07
4:11 p.m.
Am I missing something ? I thought we were talking about IP's as URL's ? How many false positives are there likely to be when hardly anyone on dynamic IP's are going to be running a web server and hand out their IP as a URL ? And if there WERE any false positives does anyone really care ? If they want to run a reliable web server then get a proper one. My opinion.
They aren't running it on purpose. It's a bot-network-installed web server that runs to then serve as a landing place for others to get the payload file. Like all those ecard emails with http://123.123.123.123/. This is someone's machine that is infected that is sending out spams and saying, here's a payload file.
Regards, KAM