The SANS ISC warns of a botnet called Polycon which may manipulate VOIP phones & their Auto-configuration File settings (CFG)

One of my honeypots detected a bot looking for Polycom master provisioning files. Such files are called by default ‘000000000000.cfg’ and contain interesting information to perform provisioning of VoIP phones. Normally, this file is renamed with the MAC address of the phone but the name can be left intact. If phone can’t find its own MAC address-based configuration, it will pull the default file. Such configuration files contain very sensitive information about internal networks and should never be publicly available.