From - Sat May 21 19:26:02 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 From: Karim Hijazi Mime-Version: 1.0 (iPad Mail 8C148) Date: Tue, 1 Feb 2011 23:20:52 -0500 Delivered-To: khijazi@unveillance.com Message-ID: <-3876642546384714312@unknownmsgid> Subject: Great meeting you today. To: "jborden@jacobydevelopment.com" Content-Type: text/plain; charset=ISO-8859-1 John, Thank you for your time today and I look forward to our next meeting. In the meantime, have a look at our latest research outlining the malware traffic emanating out of Egypt: http://www.unveillance.com/latest-news/ Take care. -- All the best, Karim Hijazi CEO | President Unveillance O. (800) 540-8478 M. (561) 542-5704 www.unveillance.com khijazi@unveillance.com ******************************************** CONFIDENTIAL & PRIVILEGED COMMUNICATION This message is for the named person's use only. The information contained in this communication is confidential and/or privileged, proprietary information that is transmitted solely for the purpose of the intended recipient(s). No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender or any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. 
******************************************** From - Sat May 21 19:26:02 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.79.77 with SMTP id o13cs127312fak; Tue, 1 Feb 2011 21:29:36 -0800 (PST) Received: by 10.151.108.13 with SMTP id k13mr706984ybm.436.1296624575766; Tue, 01 Feb 2011 21:29:35 -0800 (PST) Return-Path: Received: from mail-yx0-f173.google.com (mail-yx0-f173.google.com [209.85.213.173]) by mx.google.com with ESMTPS id q24si12273074ybk.100.2011.02.01.21.29.35 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 21:29:35 -0800 (PST) Received-SPF: neutral (google.com: 209.85.213.173 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) client-ip=209.85.213.173; Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.213.173 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) smtp.mail=jtubbs@unveillance.com Received: by yxl31 with SMTP id 31so3148159yxl.4 for ; Tue, 01 Feb 2011 21:29:34 -0800 (PST) Received: by 10.150.12.12 with SMTP id 12mr10376155ybl.197.1296624574854; Tue, 01 Feb 2011 21:29:34 -0800 (PST) Return-Path: Received: from [192.168.1.70] (99-1-188-105.lightspeed.tukrga.sbcglobal.net [99.1.188.105]) by mx.google.com with ESMTPS id q4sm3195904yba.2.2011.02.01.21.29.32 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 21:29:33 -0800 (PST) Subject: @InformationWeek, 2/1/11 17:45 From: "J. Tubbs" Content-Type: multipart/alternative; boundary=Apple-Mail-2-489790162 Message-Id: <0D547543-120E-4D92-AEDB-C2CD4CCE2BCA@unveillance.com> Date: Wed, 2 Feb 2011 00:29:29 -0500 To: Karim Hijazi Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (iPad Mail 8C148) X-Mailer: iPad Mail (8C148) --Apple-Mail-2-489790162 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii InformationWeek (@InformationWeek) 2/1/11 17:45 Gartner Quadrant Reports BI Split http://twb.io/fhtrEg -J. 
--Apple-Mail-2-489790162-- From - Sat May 21 19:26:02 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.79.77 with SMTP id o13cs127322fak; Tue, 1 Feb 2011 21:30:02 -0800 (PST) Received: by 10.236.95.41 with SMTP id o29mr17856231yhf.29.1296624600022; Tue, 01 Feb 2011 21:30:00 -0800 (PST) Return-Path: Received: from mail-gy0-f173.google.com (mail-gy0-f173.google.com [209.85.160.173]) by mx.google.com with ESMTPS id 31si4924829yhl.60.2011.02.01.21.29.59 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 21:30:00 -0800 (PST) Received-SPF: neutral (google.com: 209.85.160.173 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) client-ip=209.85.160.173; Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.160.173 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) smtp.mail=jtubbs@unveillance.com Received: by gye5 with SMTP id 5so3151444gye.4 for ; Tue, 01 Feb 2011 21:29:59 -0800 (PST) Received: by 10.150.177.1 with SMTP id z1mr1796612ybe.230.1296624598294; Tue, 01 Feb 2011 21:29:58 -0800 (PST) Return-Path: Received: from [192.168.1.70] (99-1-188-105.lightspeed.tukrga.sbcglobal.net [99.1.188.105]) by mx.google.com with ESMTPS id q4sm3195904yba.2.2011.02.01.21.29.57 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 21:29:57 -0800 (PST) Subject: @DarkReading, 2/1/11 18:08 From: "J. 
Tubbs" Content-Type: multipart/alternative; boundary=Apple-Mail-3-489816392 Message-Id: <53D1C677-3C46-4374-B174-72099BD5B738@unveillance.com> Date: Wed, 2 Feb 2011 00:29:56 -0500 To: Karim Hijazi Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (iPad Mail 8C148) X-Mailer: iPad Mail (8C148) --Apple-Mail-3-489816392 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii DarkReading (@DarkReading) 2/1/11 18:08 Zeus-SpyEye merger advances, Zeus code, features spotted in beta SpyEye kit: http://twurl.nl/x8h0bg -J.
--Apple-Mail-3-489816392-- From - Sat May 21 19:26:02 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.79.77 with SMTP id o13cs127330fak; Tue, 1 Feb 2011 21:30:25 -0800 (PST) Received: by 10.236.103.164 with SMTP id f24mr17911530yhg.73.1296624625259; Tue, 01 Feb 2011 21:30:25 -0800 (PST) Return-Path: Received: from mail-gy0-f173.google.com (mail-gy0-f173.google.com [209.85.160.173]) by mx.google.com with ESMTPS id 31si4924829yhl.60.2011.02.01.21.30.24 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 21:30:25 -0800 (PST) Received-SPF: neutral (google.com: 209.85.160.173 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) client-ip=209.85.160.173; Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.160.173 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) smtp.mail=jtubbs@unveillance.com Received: by mail-gy0-f173.google.com with SMTP id 5so3151444gye.4 for ; Tue, 01 Feb 2011 21:30:24 -0800 (PST) Received: by 10.150.185.5 with SMTP id i5mr10794623ybf.271.1296624624803; Tue, 01 Feb 2011 21:30:24 -0800 (PST) Return-Path: Received: from [192.168.1.70] (99-1-188-105.lightspeed.tukrga.sbcglobal.net [99.1.188.105]) by mx.google.com with ESMTPS id q4sm3195904yba.2.2011.02.01.21.30.23 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 21:30:24 -0800 (PST) Subject: @slashdot, 2/1/11 19:12 From: "J. Tubbs" Content-Type: multipart/alternative; boundary=Apple-Mail-4-489842864 Message-Id: Date: Wed, 2 Feb 2011 00:30:22 -0500 To: Karim Hijazi Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (iPad Mail 8C148) X-Mailer: iPad Mail (8C148) --Apple-Mail-4-489842864 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Slashdot (@slashdot) 2/1/11 19:12 US Dept. of Justice, ICE Still Seizing Domains http://bit.ly/ifoOFT -J. 
--Apple-Mail-4-489842864-- From - Sat May 21 19:26:02 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.79.77 with SMTP id o13cs127370fak; Tue, 1 Feb 2011 21:32:17 -0800 (PST) Received: by 10.91.92.19 with SMTP id u19mr11752890agl.111.1296624737044; Tue, 01 Feb 2011 21:32:17 -0800 (PST) Return-Path: Received: from mail-gx0-f173.google.com (mail-gx0-f173.google.com [209.85.161.173]) by mx.google.com with ESMTPS id d4si5447545and.61.2011.02.01.21.32.16 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 21:32:17 -0800 (PST) Received-SPF: neutral (google.com: 209.85.161.173 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) client-ip=209.85.161.173; Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.161.173 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) smtp.mail=jtubbs@unveillance.com Received: by gxk28 with SMTP id 28so3172789gxk.4 for ; Tue, 01 Feb 2011 21:32:16 -0800 (PST) Received: by 10.90.99.15 with SMTP id w15mr455166agb.143.1296624736504; Tue, 01 Feb 2011 21:32:16 -0800 (PST) Return-Path: Received: from [192.168.1.70] (99-1-188-105.lightspeed.tukrga.sbcglobal.net [99.1.188.105]) by mx.google.com with ESMTPS id b27sm28172951ana.8.2011.02.01.21.32.15 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 21:32:16 -0800 (PST) Subject: @slashdot, 2/1/11 23:00 From: "J. Tubbs" Content-Type: multipart/alternative; boundary=Apple-Mail-5-489953509 Message-Id: <71D0D1B6-0C34-4551-B1FA-A3F74869A07F@unveillance.com> Date: Wed, 2 Feb 2011 00:32:13 -0500 To: Karim Hijazi Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (iPad Mail 8C148) X-Mailer: iPad Mail (8C148) --Apple-Mail-5-489953509 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii We have a lot of tor nodes in the system. 
Slashdot (@slashdot) 2/1/11 23:00 Egyptians Turn To Tor To Organize Dissent Online http://bit.ly/gwjvV0 -J.
--Apple-Mail-5-489953509-- From - Sat May 21 19:26:02 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.79.77 with SMTP id o13cs127404fak; Tue, 1 Feb 2011 21:33:38 -0800 (PST) Received: by 10.236.103.38 with SMTP id e26mr17769040yhg.88.1296624817591; Tue, 01 Feb 2011 21:33:37 -0800 (PST) Return-Path: Received: from mail-yw0-f45.google.com (mail-yw0-f45.google.com [209.85.213.45]) by mx.google.com with ESMTPS id g7si7471761yhd.39.2011.02.01.21.33.37 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 21:33:37 -0800 (PST) Received-SPF: neutral (google.com: 209.85.213.45 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) client-ip=209.85.213.45; Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.213.45 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) smtp.mail=jtubbs@unveillance.com Received: by ywa8 with SMTP id 8so3155015ywa.4 for ; Tue, 01 Feb 2011 21:33:37 -0800 (PST) Received: by 10.151.9.3 with SMTP id m3mr10784410ybi.32.1296624817043; Tue, 01 Feb 2011 21:33:37 -0800 (PST) Return-Path: Received: from [192.168.1.70] (99-1-188-105.lightspeed.tukrga.sbcglobal.net [99.1.188.105]) by mx.google.com with ESMTPS id q31sm14718676yba.6.2011.02.01.21.33.36 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 21:33:36 -0800 (PST) Subject: @briankrebs, 2/1/11 21:43 From: "J. Tubbs" Content-Type: multipart/alternative; boundary=Apple-Mail-6-490033768 Message-Id: <5A9D468C-E818-4F1D-8B2D-8B5607B3AA81@unveillance.com> Date: Wed, 2 Feb 2011 00:33:33 -0500 To: Karim Hijazi Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (iPad Mail 8C148) X-Mailer: iPad Mail (8C148) --Apple-Mail-6-490033768 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Know these guys? :) briankrebs (@briankrebs) 2/1/11 21:43 Calm before the storm. 
New Waledac worm stole 123,00+ FTP credentials, + almost 490k POP3 email accounts! http://bit.ly/hhTdDi -J.
--Apple-Mail-6-490033768-- From - Sat May 21 19:26:02 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.79.77 with SMTP id o13cs115456fak; Tue, 1 Feb 2011 12:28:28 -0800 (PST) Received: by 10.42.172.130 with SMTP id n2mr10149821icz.133.1296592107884; Tue, 01 Feb 2011 12:28:27 -0800 (PST) Return-Path: Received: from gateout02.mbox.net (gateout02.mbox.net [165.212.64.22]) by mx.google.com with ESMTPS id u5si55056071ics.62.2011.02.01.12.28.27 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 12:28:27 -0800 (PST) Received-SPF: neutral (google.com: 165.212.64.22 is neither permitted nor denied by best guess record for domain of jhunt@mitagroup.com) client-ip=165.212.64.22; Authentication-Results: mx.google.com; spf=neutral (google.com: 165.212.64.22 is neither permitted nor denied by best guess record for domain of jhunt@mitagroup.com) smtp.mail=jhunt@mitagroup.com Received: from gateout02.mbox.net (gwo2-lo [127.0.0.1]) by gateout02.mbox.net (Postfix) with ESMTP id E99584BF6A2 for ; Tue, 1 Feb 2011 20:28:26 +0000 (GMT) X-USANET-Received: from gateout02.mbox.net [127.0.0.1] by gateout02.mbox.net via mtad (C8.MAIN.3.72B) with ESMTP id 585PBauCy9824Mo2; Tue, 01 Feb 2011 20:28:24 -0000 Received: from s1hub3.EXCHPROD.USA.NET [165.212.120.254] by gateout02.mbox.net via smtad (C8.MAIN.3.72B) with ESMTPS id XID858PBauCy2218Xo2; Tue, 01 Feb 2011 20:28:24 -0000 X-USANET-Source: 165.212.120.254 IN jhunt@mitagroup.com s1hub3.EXCHPROD.USA.NET X-USANET-MsgId: XID858PBauCy2218Xo2 Received: from MBX6.EXCHPROD.USA.NET ([10.120.221.61]) by s1hub3.EXCHPROD.USA.NET ([10.120.220.33]) with mapi; Tue, 1 Feb 2011 20:28:17 +0000 From: James Hunt To: "khijazi@unveillance.com" Date: Tue, 1 Feb 2011 20:29:40 +0000 Subject: heard of these guys? Thread-Topic: heard of these guys? 
Thread-Index: AcvCTsB9FYry9BNSSR2yq7ijzguZZQ== Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary="_000_B41C53427D44E140AFB94BCBDEE1781A090AABB9FCMBX6EXCHPRODU_" MIME-Version: 1.0 --_000_B41C53427D44E140AFB94BCBDEE1781A090AABB9FCMBX6EXCHPRODU_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

http://www.threatstop.com/

this was brought up today in the discussion.

Jim

Jim Hunt, Managing Partner
MITA Group, Inc.
703/338-6414 - cell
703/903-0201 - fax

--_000_B41C53427D44E140AFB94BCBDEE1781A090AABB9FCMBX6EXCHPRODU_-- From - Sat May 21 19:26:02 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 References: From: Karim Hijazi In-Reply-To: Mime-Version: 1.0 (iPhone Mail 8C148) Date: Tue, 1 Feb 2011 16:06:02 -0500 Delivered-To: khijazi@unveillance.com Message-ID: <-4973520949867803023@unknownmsgid> Subject: Re: heard of these guys? To: James Hunt Content-Type: multipart/alternative; boundary=20cf3054a25b9a8f25049b3ee646 --20cf3054a25b9a8f25049b3ee646 Content-Type: text/plain; charset=ISO-8859-1

Sure have. Almost negotiated a deal to consume their feed until we found we had all of their sources individually except their own honeypot data which was trivial.

They may have beefed up. Were there good things to say about them?

--
All the best,

Karim Hijazi
CEO | President
Unveillance
O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com
khijazi@unveillance.com

On Feb 1, 2011, at 3:28 PM, James Hunt wrote:

http://www.threatstop.com/

this was brought up today in the discussion.

Jim

*Jim Hunt, Managing Partner*
*MITA Group, Inc.*
*703/338-6414 - cell*
*703/903-0201 - fax*

--20cf3054a25b9a8f25049b3ee646-- From - Sat May 21 19:26:02 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 References: From: Karim Hijazi In-Reply-To: Mime-Version: 1.0 (iPhone Mail 8C148) Date: Tue, 1 Feb 2011 16:11:18 -0500 Delivered-To: khijazi@unveillance.com Message-ID: <5447225795450156937@unknownmsgid> Subject: Re: heard of these guys? To: James Hunt Content-Type: multipart/alternative; boundary=00151747b4369c42e2049b3ef96e --00151747b4369c42e2049b3ef96e Content-Type: text/plain; charset=ISO-8859-1

ThreatSTOP aggregates DShield, Shadowserver, ISC which are all open feeds for public consumption. Also have a fair amount of false positives which is why we weight them quite low.

--
All the best,

Karim Hijazi
CEO | President
Unveillance
O. (800) 540-8478
M. (561) 542-5704
www.unveillance.com
khijazi@unveillance.com

On Feb 1, 2011, at 3:28 PM, James Hunt wrote:

http://www.threatstop.com/

this was brought up today in the discussion.

Jim

*Jim Hunt, Managing Partner*
*MITA Group, Inc.*
*703/338-6414 - cell*
*703/903-0201 - fax*

--00151747b4369c42e2049b3ef96e-- From - Sat May 21 19:26:02 2011 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Delivered-To: khijazi@unveillance.com Received: by 10.223.79.77 with SMTP id o13cs118736fak; Tue, 1 Feb 2011 14:08:22 -0800 (PST) Received: by 10.100.213.15 with SMTP id l15mr5304419ang.229.1296598100756; Tue, 01 Feb 2011 14:08:20 -0800 (PST) Return-Path: Received: from mail-gx0-f173.google.com (mail-gx0-f173.google.com [209.85.161.173]) by mx.google.com with ESMTPS id t1si52798382anp.154.2011.02.01.14.08.20 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 14:08:20 -0800 (PST) Received-SPF: neutral (google.com: 209.85.161.173 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) client-ip=209.85.161.173; Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.161.173 is neither permitted nor denied by best guess record for domain of jtubbs@unveillance.com) smtp.mail=jtubbs@unveillance.com Received: by gxk28 with SMTP id 28so3034316gxk.4 for ; Tue, 01 Feb 2011 14:08:20 -0800 (PST) Received: by 10.150.91.17 with SMTP id o17mr7544319ybb.41.1296598100021; Tue, 01 Feb 2011 14:08:20 -0800 (PST) Return-Path: Received: from [192.168.1.75] (99-1-188-105.lightspeed.tukrga.sbcglobal.net [99.1.188.105]) by mx.google.com with ESMTPS id v6sm2960097ybk.20.2011.02.01.14.08.18 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 01 Feb 2011 14:08:19 -0800 (PST) Subject: Re: Figured you might find this compelling Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: multipart/alternative; boundary=Apple-Mail-4-463317667 From: "J. 
Tubbs" In-Reply-To: <4D469562.7020704@unveillance.com> Date: Tue, 1 Feb 2011 17:08:17 -0500 Cc: extraexploit@gmail.com Message-Id: <1B38A0D1-8A41-40DC-BB1A-30A3E52AAB7B@unveillance.com> References: <4D469562.7020704@unveillance.com> To: khijazi@unveillance.com X-Mailer: Apple Mail (2.1082) --Apple-Mail-4-463317667 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii

I apologize for not getting back to you much sooner. Things have been a little insane, as I am sure you can relate.

I wanted to share a few more things with you per what we are seeing in our data flow based purely on malware activity.

I've appended a few updates to the latest blog (http://www.unveillance.com/latest-news/egypts-malware-activity-post-internet-shutdown/) that included one from yesterday as we saw NOOR going down and one today of the summary of events we have collected post NOOR disappearing.

I have yet to update with the following, though, as I am keeping tabs on the current activity. But, we have consistently been seeing malware activity come through hourly up until about three hours ago. AS8452 (196.218.252.0/22) was the latest prefix we saw with an event. I am curious if you are seeing similar take downs across the board. It appears that almost all route and bgp announcements out of Egypt have gone silent.

Looking forward to chatting with you. Take care, my friend. Love your blog, btw.

J. Tubbs
CTO
Unveillance, LLC
O. (404) 482-3557
www.unveillance.com
jtubbs@unveillance.com

On Jan 31, 2011, at 5:56 AM:

> - -------- Original Message --------
> Subject: Re: Figured you might find this compelling
> Date: Mon, 31 Jan 2011 11:41:58 +0100
> From: exploit dev <extraexploit@gmail.com>
> To: khijazi@unveillance.com
>
> I mistake or the only one that is not routed vs Italian AS is AS20928 ?
>
> On Mon, Jan 31, 2011 at 11:33 AM, Karim Hijazi Unveillance Email
> <khijazi@unveillance.com <mailto:khijazi@unveillance.com>> wrote:
>
> Thank you for your kind words. Yes, please feel free to reference us.
>
> Take care and speak soon.
>
> On 1/31/2011 5:31 AM, exploit dev wrote:
>
>> So I can admit that I'm interested to as20928. Further analysis could be
>> release. But I haven't so much time now. Could I report your very good
>> page in my blog about ?
>
>> Thank you very much and good work again.
>
>> On Mon, Jan 31, 2011 at 11:28 AM, Karim Hijazi Unveillance Email
>> <khijazi@unveillance.com <mailto:khijazi@unveillance.com>
>> <mailto:khijazi@unveillance.com <mailto:khijazi@unveillance.com>>> wrote:
>
> http://www.unveillance.com/latest-news/egypts-malware-activity-post-internet-shutdown/
>
>> Enjoy.
>
>> --
>> http://extraexploit.blogspot.com
>
> - --
> http://extraexploit.blogspot.com

--Apple-Mail-4-463317667--