Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: Yes, the w00tw00t continues. SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Yes, the w00tw00t continues.

Every day we get at least one email asking about a string they find in their own weblogs.

It'll look something like this:

/w00tw00t.at.ISC.SANS.DFind

or

/w00tw00t.at.ISC.SANS.test0

As we detailed on the website, about 4 years ago.  This tool has nothing to do with the ISC:

http://isc.sans.org/diary.html?storyid=900

We disavow and disapprove of it's unauthorized use.

These are not the droids you are looking for.

-- Joel Esler http://www.joelesler.net

Joel

454 Posts
ISC Handler
10/28/13
Looks like w00tw00t is back yet again.
Been seeing strings "/w00tw00t.at.ISC.SANS.Win32:)" over the past several weeks, along with "/w00tw00t.at.blackhats.romanian.anti-sec:)".
Anonymous

Sign Up for Free or Log In to start participating in the conversation!