[nsp-sec-jp] ZeuS botnet (s288421667.onlinehome.us)]

Taka Mizuguchi taka @ nttv6.jp
2009年 6月 11日 (木) 02:10:09 EDT 

----------- nsp-security Confidential --------
NSP-SEC-JP各位、


s288421667.onlinehome.usをZeuSコントローラのproxyとして使った
1万近くのbotを確認ください。

Formatは、以下になります。
AS | IP_address | 国 | 最後の確認 | bot_id | AS名


-------- Original Message --------

Hi,

please find attached a list of ~10k drones which used
s288421667.onlinehome.us as a proxy for a ZeuS controller
(next backend hop: http://www.sell-ads.cn/a1b8/s.php)

Format is: ... | <epoch last seen> <uniq bot id (zip)> | ...

    kind regards, Dirk Stander (1&1) :.



2510    | 116.82.250.68    | JP | 1244427492 tabako_eigyou_0039da1e |
INFOWEB FUJITSU LIMITED
2510    | 218.226.45.236   | JP | 1244376949 d5jww81x_012a76bd | INFOWEB
FUJITSU LIMITED
2516    | 121.110.51.245   | JP | 1244353551 computername_000bfd94 |
KDDI KDDI CORPORATION
2516    | 121.111.243.58   | JP | 1244419447 t_ito_0165014f | KDDI KDDI
CORPORATION
2516    | 124.210.149.172  | JP | 1244297129 your_37bf4ad949_006ab61d |
KDDI KDDI CORPORATION
2516    | 124.214.142.118  | JP | 1244299541 d57q7dbx_00312e06 | KDDI
KDDI CORPORATION
2518    | 119.238.188.215  | JP | 1244300172 your_8176f62792_00c64a54 |
BIGLOBE NEC BIGLOBE, Ltd.
2518    | 133.205.107.189  | JP | 1244350774 fm_a925580c4050_001a119e |
BIGLOBE NEC BIGLOBE, Ltd.
2518    | 60.239.75.35     | JP | 1244312210 neccomputer_002cb204 |
BIGLOBE NEC BIGLOBE, Ltd.
2519    | 202.215.181.65   | JP | 1244306618 your_toh4jx24by_000b2390 |
VECTANT VECTANT Ltd.
2519    | 202.215.33.17    | JP | 1244423298 otake_pc_00cfd9e6 | VECTANT
VECTANT Ltd.
2519    | 222.230.68.204   | JP | 1244418131 pc_odawara03_0009c2c7 |
VECTANT VECTANT Ltd.
4685    | 122.249.185.192  | JP | 1244430826 pc30_007e3999 | ASAHI-NET
Asahi Net
4691    | 124.255.104.182  | JP | 1244368131 ___a_____0000 | DTI Dream
Train Internet Inc.
4713    | 114.149.219.130  | JP | 1244462315 fm_a058e6e1fc0f_004bfec5 |
OCN NTT Communications Corporation
4713    | 114.157.204.79   | JP | 1244419287 lenovo_cad_00545d2b | OCN
NTT Communications Corporation
4713    | 118.15.76.56     | JP | 1244296199 fm_a058e6e1fc0f_029a60a6 |
OCN NTT Communications Corporation
4713    | 118.21.26.253    | JP | 1244306932 nakamura_0005e863 | OCN NTT
Communications Corporation
4713    | 118.22.231.9     | JP | 1244417113 sakumichi_0596e90c | OCN
NTT Communications Corporation
4713    | 118.8.135.223    | JP | 1244421759 ypc02_01b54a88 | OCN NTT
Communications Corporation
4713    | 122.26.22.106    | JP | 1244415937 tinana_000d0521 | OCN NTT
Communications Corporation
4713    | 122.27.201.192   | JP | 1244419419 mukuno_pc_47d22aef | OCN
NTT Communications Corporation
4713    | 123.222.14.126   | JP | 1244475412 hakusan_0198ad37 | OCN NTT
Communications Corporation
4713    | 123.225.118.109  | JP | 1244419479 pc01_003c9cb9 | OCN NTT
Communications Corporation
4713    | 124.103.123.226  | JP | 1244297795 your_051ee797ef_0260b088 |
OCN NTT Communications Corporation
4713    | 124.96.177.69    | JP | 1244453288 houwa22_00686596 | OCN NTT
Communications Corporation
4713    | 125.205.159.54   | JP | 1244297373 user_28870a6e0b_002238d6 |
OCN NTT Communications Corporation
4713    | 219.165.78.150   | JP | 1244336049 user8_0015332f | OCN NTT
Communications Corporation
4713    | 220.97.92.220    | JP | 1244299166 d4q57dbx_15c057f8 | OCN NTT
Communications Corporation
4713    | 222.148.67.131   | JP | 1244296746 vaio_010f5a9d | OCN NTT
Communications Corporation
4713    | 60.38.233.114    | JP | 1244366793 computername_011fc7b7 | OCN
NTT Communications Corporation
4713    | 60.45.71.229     | JP | 1244421172 dl380_18_00fdea51 | OCN NTT
Communications Corporation
4713    | 60.47.69.17      | JP | 1244297341 tamaoka_00bfe86b | OCN NTT
Communications Corporation
4713    | 61.118.93.24     | JP | 1244373396 neccomputer_000852bc | OCN
NTT Communications Corporation
4725    | 211.121.161.241  | JP | 1244416660 gunshima_007ee182 | ODN
SOFTBANK TELECOM Corp.
4732    | 222.15.161.25    | JP | 1244357091 your_kmiajdwmaj_0006e8eb |
DION KDDI CORPORATION
4732    | 222.8.81.221     | JP | 1244305412 kajitower_0077a025 | DION
KDDI CORPORATION
7516    | 211.10.65.226    | JP | 1244418150 d96gwp1x_00ed1f75 | TOHKNET
Tohoku Intelligent Telecommunication Co., Inc.
9824    | 119.172.231.183  | JP | 1244340308 vaiovgc_ra52_0044400b |
ASN-ATHOMEJP
10013   | 122.145.154.92   | JP | 1244297930 533034b8a6df4d9_1d893417 |
FBDC FreeBit Co.,Ltd.
17506   | 221.115.88.34    | JP | 1244425286 ati_user10679_01dab8fd |
UCOM UCOM Corp.
17506   | 58.158.165.10    | JP | 1244424593 djnc7bbx_02654754 | UCOM
UCOM Corp.
17511   | 119.230.25.206   | JP | 1244301174 nonno_9n5i3n3nl_00184440 |
K-OPTICOM K-Opticom Corporation
17676   | 218.121.207.80   | JP | 1244299311 seko_0142a946 | GIGAINFRA
Softbank BB Corp.
17676   | 218.179.154.10   | JP | 1244296746 takashi_398ae92_00125125 |
GIGAINFRA Softbank BB Corp.
17676   | 218.45.238.162   | JP | 1244422616 z04pc02_002d2494 |
GIGAINFRA Softbank BB Corp.
17676   | 219.184.28.47    | JP | 1244299559 your_up31h80r4e_00108cf3 |
GIGAINFRA Softbank BB Corp.
17676   | 219.38.56.102    | JP | 1244308247 hirai_017ab680 | GIGAINFRA
Softbank BB Corp.
17676   | 219.46.101.46    | JP | 1244297088 fm_1557811004_a28edc23 |
GIGAINFRA Softbank BB Corp.
17676   | 221.106.22.44    | JP | 1244338586 lavie_00011c7c | GIGAINFRA
Softbank BB Corp.
17939   | 218.216.48.217   | JP | 1244468461 matsuyam_5h3y2d_001ccfd7 |
MCN-NET01 miyazaki cabletelevision network Co.,LTD
24281   | 203.184.104.29   | JP | 1244296489 mimi_000b1f3a | MCNET-T NTT
SmartConnect Corporation

-- 
Taka Mizuguchi

nsp-security-jp メーリングリストの案内