Seriously?

The following write up is available from McAfee at: http://vil.nai.com/vil/content/v_253416.htm

It’s a nice detailed technical write up, but look below:

Why do they hide the hostname and not provide the IP address? Do they think the attacker is unaware of the discovery? Is McAfee selling that information as a “professional service”? Seriously, its only value is to enable network IDS sensors and staff to identify and block any such traffic, but apparently a hostname is too much to ask.

UPDATE:

Plug for Symantec, they actually drop names here: http://www.symantec.com/security_response/writeup.jsp?docid=2010-011114-1830-99&tabid=2

Values are:

  • yahooo.8866.org
  • sl1.homelinux.org
  • 360.homeunix.com
  • li107-40.members.linode.com
  • ftp2.homeunix.com
  • update.ourhobby.com

I had heard from a knowledgeable source that he thought the Symantec writeup was crap. McAfee and Symantec seem to agree on a lot of details though. Point Symantec and thanks for the info!
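To show what the hostnames are good for on the defensive side, here is an added example (not part of the original post or either vendor's writeup) that checks DNS query logs against the list above. The log layout, client addresses and sample lines are assumptions constructed for illustration.

```python
# Added example, not from the original post. Log format is an assumption:
# "<timestamp> <client-ip> <query-name> <record-type>"; sample lines are constructed.
INDICATORS = {
    "yahooo.8866.org", "sl1.homelinux.org", "360.homeunix.com",
    "li107-40.members.linode.com", "ftp2.homeunix.com", "update.ourhobby.com",
}

def match_indicator(qname):
    """Return the listed hostname that qname equals or is a subdomain of, else None."""
    # Lower-case and drop the trailing root dot so FQDN forms compare equal.
    labels = qname.strip().lower().rstrip(".").split(".")
    # Compare whole labels: "1360.homeunix.com" must not match
    # "360.homeunix.com", as a substring or endswith() test would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in INDICATORS:
            return candidate
    return None

def scan(lines):
    """Return (client_ip, query_name, indicator) for each log line that hits the list."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        client, qname = fields[1], fields[2]
        indicator = match_indicator(qname)
        if indicator:
            hits.append((client, qname, indicator))
    return hits

SAMPLE_LOG = [  # constructed
    "2010-01-15T09:12:01Z 10.0.4.17 www.example.com A",
    "2010-01-15T09:12:07Z 10.0.4.23 360.homeunix.com. A",
    "2010-01-15T09:13:40Z 10.0.4.23 Update.OurHobby.com A",
    "2010-01-15T09:14:02Z 10.0.7.88 1360.homeunix.com A",
    "2010-01-15T09:15:19Z 10.0.9.5 a.sl1.homelinux.org AAAA",
    "truncated-line",
]

if __name__ == "__main__":
    for client, qname, indicator in scan(SAMPLE_LOG):
        print(f"{client} queried {qname} (matches {indicator})")
```

Matching on whole labels keeps lookalike names and the shared dynamic-DNS parent domains from raising false alerts.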
