23 Oct 2016, 10:08 a.m.
* David Conrad:
Maybe (not sure) one way would be to examine your resolver query logs to look for queries for names that fit domain generation algorithm patterns, then track down the customers/devices that are issuing those queries and politely suggest they remove the malware on their systems?
Where would interested operators get that information? Would this include information on how to identify those devices which participated in the CCTV-based botnet which allegedly took part in the recent attacks?
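The resolver-log check suggested in the quoted message could look like the sketch below. It is an added example, not part of the original thread. The log layout, the entropy heuristic and its thresholds, and the sample lines are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log; the "<time> <client-ip> <qname> <qtype>" layout is
# an assumption, adapt the parsing to your resolver's real query-log format.
SAMPLE_LOG = """\
2016-10-23T10:00:01Z 192.0.2.10 www.internationalbank.example. A
2016-10-23T10:00:02Z 192.0.2.20 xkqzjvhwtplmra.example. A
2016-10-23T10:00:03Z 192.0.2.20 qwpzjxkvbnrtyu.example. A
2016-10-23T10:00:04Z 192.0.2.10 mail.corp.example. MX
2016-10-23T10:00:05Z 192.0.2.20 hvbzkqwxjtrmpl.example. A
2016-10-23T10:00:06Z 192.0.2.30 zjqxkvwhpbtmnr.example. AAAA
2016-10-23T10:00:07Z 192.0.2.20 xkqzjvhwtplmra.example. A
"""

def entropy(label):
    """Shannon entropy of the characters in a label, in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_generated(qname, min_len=12, min_entropy=3.5):
    """Heuristic only: long, high-entropy label directly left of the TLD.
    Thresholds are assumed values; a real deployment would use the Public
    Suffix List and tune against its own traffic."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return False
    label = labels[-2]
    return len(label) >= min_len and entropy(label) >= min_entropy

def suspicious_clients(log_text, min_distinct=3):
    """Map client IP -> sorted flagged names, for clients that queried at
    least min_distinct different generated-looking names."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _time, client, qname, _qtype = fields
        if looks_generated(qname):
            hits[client].add(qname.rstrip(".").lower())
    return {c: sorted(n) for c, n in hits.items() if len(n) >= min_distinct}

if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_LOG).items():
        print(client, len(names), "distinct generated-looking names:", names)
```

Requiring several distinct flagged names per client keeps a single odd-looking lookup from putting a customer on the contact list.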