[nsp-sec] 10K attacking Ips
Stephen Gill
gillsr at cymru.com
Fri Feb 8 03:17:09 EST 2008
Hi Team,
The following Ips have been attacking the Virustotal service in a few
different ways, non spoofed, should be presumed compromised:
https://www.cymru.com/nsp-sec/Owned/ddos-20070207.txt
Target: 74.53.201.162:80
Timestamp: CET
* Note: There is IP duplication (sorted), though timestamps should be
unique.
We've spotted a few possible C&Cs related to this, but not a smoking gun.
Could those of you who have visibility into any of these networks please
check to see if you can find any malware or C&C traffic on the machines?
We're not really interested in mitigation at this point, mostly attribution
and botnet triangulation. Please do NOT null route the target! :)
As always, please do NOT share this list outside of nsp-sec, and keep the
attack information nsp-sec confidential. If you have any questions feel
free to contact us.
Thanks much!
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
More information about the nsp-security
mailing list