P2P taken by storm

May 7, 2010

in Analysis

Trending work over the whole of last week led us nowhere. Often, when you see nothing, you start to get a good feeling about your job, but not when you are listening on the wire: if you don't see anything, you are probably looking in the wrong place. So before going off for the weekend, we reconfigured the filters. Monday morning we were looking at a strange set of packets using P2P across multiple networks (which was strange in itself): P2P is one protocol whose traffic will never match identically across networks other than in a worm scenario.
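The cross-network check described above, as an added example that is not part of the original post: identical P2P payloads showing up on several unrelated monitored networks are worth a closer look, while fixed protocol constants (a BitTorrent handshake looks the same everywhere) must not trigger the check. The packet samples, network names and the `KNOWN_PREFIXES` list are constructed for this illustration and do not come from the capture the post describes.

```python
"""Flag payloads that recur across several monitored networks.

Added example, not code from the original post. Input records are
(network, src_ip, dst_ip, dst_port, payload) tuples as a sniffer might
log them; all sample values below are constructed.
"""
from collections import defaultdict
import hashlib

# Fixed-format protocol constants that legitimately look identical on every
# network. Assumed starting list; extend with whatever your sensors see.
KNOWN_PREFIXES = (
    b"\x13BitTorrent protocol",   # BitTorrent peer handshake
)

# Constructed samples: one opaque payload seen on three networks from four
# hosts, a BitTorrent handshake seen on two networks, and a one-off packet.
SAMPLES = [
    ("netA", "10.1.0.5", "203.0.113.7", 7871, bytes.fromhex("e30c4f21a8b0c1d2")),
    ("netA", "10.1.0.9", "198.51.100.3", 7871, bytes.fromhex("e30c4f21a8b0c1d2")),
    ("netB", "10.2.0.4", "192.0.2.44", 7871, bytes.fromhex("e30c4f21a8b0c1d2")),
    ("netC", "10.3.0.2", "203.0.113.9", 7871, bytes.fromhex("e30c4f21a8b0c1d2")),
    ("netA", "10.1.0.7", "192.0.2.10", 6881, b"\x13BitTorrent protocol" + b"\x00" * 8),
    ("netB", "10.2.0.8", "198.51.100.8", 6881, b"\x13BitTorrent protocol" + b"\x00" * 8),
    ("netB", "10.2.0.7", "192.0.2.12", 4662, bytes.fromhex("e3aa0010ff00aa55")),
]


def fingerprint(payload: bytes) -> str:
    """Short stable identifier for a payload; collisions are irrelevant here."""
    return hashlib.sha256(payload).hexdigest()[:16]


def is_known_protocol(payload: bytes) -> bool:
    """True for payloads that start with a well-known fixed protocol constant."""
    return any(payload.startswith(p) for p in KNOWN_PREFIXES)


def find_cross_network_payloads(samples, min_networks=2, min_len=4):
    """Group samples by payload and keep those seen on >= min_networks networks.

    Returns {fingerprint: {"networks", "hosts", "dst_ports", "count"}} sorted
    by how many networks the payload was seen on. Hosts are (network, src_ip)
    pairs, i.e. the candidate infected systems to pull for analysis.
    """
    groups = defaultdict(lambda: {"networks": set(), "hosts": set(),
                                  "dst_ports": set(), "count": 0})
    for network, src, _dst, port, payload in samples:
        # Tiny payloads (keepalives) and known protocol constants are noise.
        if len(payload) < min_len or is_known_protocol(payload):
            continue
        g = groups[fingerprint(payload)]
        g["networks"].add(network)
        g["hosts"].add((network, src))
        g["dst_ports"].add(port)
        g["count"] += 1
    hits = {fp: g for fp, g in groups.items() if len(g["networks"]) >= min_networks}
    return dict(sorted(hits.items(), key=lambda kv: -len(kv[1]["networks"])))


if __name__ == "__main__":
    for fp, g in find_cross_network_payloads(SAMPLES).items():
        print(f"payload {fp}: {g['count']} packets on {sorted(g['networks'])}, "
              f"ports {sorted(g['dst_ports'])}")
        for network, host in sorted(g["hosts"]):
            print(f"  candidate infected host {host} ({network})")
```

Run against the constructed samples, only the opaque 7871/udp payload is reported, with its four source hosts listed as the systems to image next; the BitTorrent handshake is dropped even though it too appears on two networks.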

By now we have a large collection of unique packet samples that probably have the source of the worm encrypted inside. We are on the lookout for an infected system that could give us the answers; however, peers on the web tell us this is an old adversary called the “Storm Worm” (which I vaguely remember from the past). This post is going to be updated as soon as we have something.
