QuadraNet发的Sinkhole-Drone-Report是什么意思

---------- Forwarded message ----------
From: <abuse-ticket@quadranet.com>
Date: 2012/1/5
Subject: [#******] Sinkhole-Drone-Report
To: ******************


Hello,

These IP addresses are all the devices that joined our Sinkhole server that did
not arrive through the usage of am HTTP referrer. Since the Sinkhole server is
only accessed through previously malicious domain names, only infected system,
or security researchers should be seen in this list.
Please check those devices with antivirus ASAP


96.44.1**.***


For more information on this report go to:
http://www.shadowserver.org/wiki/pmwiki.php/Services/Sinkhole-HTTP-Drone


timestamp ip asn geo url type http_agent tor src_port p0f_genre p0f_detail hostname dst_port http_host http_referer http_referer_asn http_referer_geo dst_ip dst_asn dst_geo
2012-01-03 17:37:05 96.44.169.249 29761 US GET /search?q=0 HTTP/1.0 downadup Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.2) 2444 80 149.20.56.** 149.20.56.** 1280 US ----------------------- 以下是精选回复-----------------------

答:蠕虫病毒, 可能乃的VPN用户中毒了吧...
这种只能算点子背, 把report的那段IP给屏蔽掉吧= =