[Emerging-Sigs] conficker domain rules

RPG inittab at jtan.com
Tue Jan 20 07:55:50 EST 2009


I just cycled through each one looking for A records but none are alive.
Does anyone know of a quick or bulk method of checking the whois on
each of these?  Any method I have is very clunky.  TIA

Matt Jonkman wrote:
> Great rules Jack. Surely useful, but I'd rather keep them out of the
> ruleset for the time being. They'll come and go quickly. :)
> 
> Matt
> 
> Jack Pepper wrote:
>> The previous conficker domain ruleset was 3750 rules.  That seemed a
>> bit much.  I have created an alternate "regex from hell" version that  
>> uses PCRE to map the same 3750 domains into just 56 rules (at the  
>> price of some serious PCRE hashing).  You do what works for you.
>>
>> Detailed rules: http://www.autoshun.org/downloads/conficker.rules
>>
>> PCRE based rules: http://www.autoshun.org/downloads/rconficker.rules
>>
>> Don't load them both, that's just pointless.
>>
>>
>>
>> jp
>>
> 
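
The consolidation Jack Pepper describes above (many per-domain rules folded into a few PCRE patterns), as an added example that is not part of this thread or of the autoshun.org rule files. It assumes one pattern per TLD built from a prefix trie and dotted names as they appear in DNS logs (a Snort rule would match the wire-format query instead); the domain names are constructed samples and every function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample names (not real Conficker domains), for illustration only.
SAMPLE_DOMAINS = [
    "abcde.com", "abcdf.com", "abxyz.com", "qrs.com",
    "abcde.net", "mnop.net", "mnoq.net",
    "zzz.info",
]

def build_trie(words):
    """Insert each word into a nested-dict trie; the '' key marks end of word."""
    root = {}
    for word in words:
        node = root
        for ch in word:
            node = node.setdefault(ch, {})
        node[""] = True
    return root

def trie_to_regex(node):
    """Collapse a trie into a regex fragment that shares common prefixes."""
    ends_here = "" in node
    branches = [re.escape(ch) + trie_to_regex(child)
                for ch, child in sorted(node.items()) if ch != ""]
    if not branches:
        return ""
    if len(branches) == 1 and not ends_here:
        return branches[0]
    body = "(?:" + "|".join(branches) + ")"
    # A word may end here while longer words continue: make the tail optional.
    return body + "?" if ends_here else body

def domains_to_patterns(domains):
    """Return {tld: compiled regex}, one pattern per TLD (grouping is an assumption)."""
    by_tld = defaultdict(list)
    for domain in domains:
        label, _, tld = domain.lower().rpartition(".")
        by_tld[tld].append(label)
    return {tld: re.compile(trie_to_regex(build_trie(labels)) + r"\." + re.escape(tld))
            for tld, labels in by_tld.items()}

def matches(patterns, name):
    """True only if the whole name (case-insensitive, trailing dot ignored) is listed."""
    name = name.lower().rstrip(".")
    return any(p.fullmatch(name) for p in patterns.values())
```

Using `fullmatch` keeps the compact pattern exactly equivalent to the original list, so a name that merely contains a listed domain as a substring does not alert.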

