Our first bi-annual status report for 2006 is now public. We’d like to give some extra attention to the Dasher.B case. Honeynor sent an email to the alliance on December 15th, 2005 about port 1025/tcp activity, after we had monitored this traffic for some weeks. The traffic was identified as unknown DCOM activity originating from China, and we requested a working vulnerability emulator on the alliance list. Georg Wicherski from the German Honeynet Project hacked together a tool on short notice and captured the first sample of Dasher.B.
This case, which involved the Norwegian, German and Chinese teams, demonstrated how the teams can work together.
The entire report can be found here: bi-annual_statusreport_2006-1.txt