15 Mar
2017
15 Mar
'17
3:06 p.m.
On Tue, Mar 14, 2017 at 11:40:15AM -0400, Roger Dingledine wrote:
On Tue, Mar 14, 2017 at 12:02:46AM +0000, Matthew Finkel wrote:
But I spoke with someone at IFF from the region last week and their current thought is that this is caused by some group running a bot (of some kind)
Typically botnets have victims in many countries, though, right? How did they manage to contain their bots to just UAE hosts?
Back in 2008, a variant of the Conficker worm wouldn't infect Ukrainian hosts. It used to look at the victim's IP address and keyboard layout to figure out where you are from. I suppose you can do the reverse to target only UAE users, despite some false positives and negatives.