Responsible for the creation of “scoup” the collector used by NAIDI, Georgia Tech and Stanford students mauled over the data of the attack noting that statements appeared in bogon’s (Bogus IP length (0, less than header length 20)) appeared unusually high during the attack. In addition to that information forged “adobe” site certificates and “sony” site certificates also appeared according to the recording server just behind Pandora separated by an IPS firewall. More than 1.211 gigs were extracted from the server.
Scoup is an experimental server that surfs the internet automatically sampling websites for viruses, spyware and malware which places the extraction or samples in a virtual containment for an antivirus company. The package is then placed in iso form and burned to dvd’s for mail out. What was extracted was believed to be that which was collected in the last month.
The server contained the latest W32 worms and new variants of W32 swine flu virus.