[SURBL-Discuss] Re: Storm URI IPs to XS list?
Jeremy Fairbrass
jfairbrass at hotmail.com
Sun Aug 19 02:43:17 CEST 2007
I think that's a really great idea - would love to see it implemented! As long as we're correctly using it as a URIBL rather than
RBL, it should work fine.
My 2c,
Jeremy
"Jeff Chan" <jeffc at surbl.org> wrote in message news:1187426940.46c6b27c7a216 at mail.supranet.net...
>
>
> As we know, the storm malware is responsible for a large number of compromised
> computers in botnets, for DDOS, for e-card, PDF, and stock spams, etc. A large
> number of storm e-card-advertised URI IP addresses are available from the XS
> data source but are not currently being listed on XS. (Those IPs, of course
> are all or mostly bot-hosted web sites with malware loaders to further spread
> storm by compromising more computers and growing the botnets by infecting
> anyone who visits the sites.)
>
> Shall we:
>
> 1. Blacklist those on XS
> 2. Add XS into multi.surbl.org as the 128th bit
>
> In principle #1 and #2 could be separate issues, but to get maximum benefit if
> #1 is done then #2 should probably be done also.
>
> XS will have likely have much other data added to it in future, including
> non-storm domain names and other URI hosts. This would only be a first step.
> It's also worth noting that we don't intend XS to be a malware list; we're
> still focussed on unsolicited messages and that is the aspect that arguably
> makes the storm IPs appropriate for inclusion: their appearance in huge amounts
> of bot-sent unsolicited messages. It just happens that the messages are
> primarily meant to propagate storm, but they're still unsolicited, bulk, etc.
>
> Also, regarding storm URI IPs, some are currently being added to SC and WS.
> Some are probably going onto JP and PH also. But the XS collection would
> probably be more comprehensive than the others for now.
>
> Comments?
>
> Jeff C.
More information about the Discuss
mailing list