[nsp-sec] blackenergy ddos controller - tdslight - moved
Jose Nazario
jose at arbor.net
Fri Feb 22 07:11:58 EST 2008
just saw this command come across our monitors:
Timestamp 2008-02-22 07:09:47
C&C IP 78.109.28.80
C&C Hostname tdslight.com
C&C Port 80
C&C ASN 41665
C&C CC UA
Command URL http://tdslight.com/newmod/stat.php
Command Given
10;2000;10;1;0;30;100;3;20;1000;2000#chost
http://activeprotect.cn/h0tbe1by/stat.php#1#
this black energy controller is the one behind a lot of the recent online
casino and poker site ddos attacks.
activeprotect.cn A INET 78.109.28.80
AS    | IP           | AS Name
41665 | 78.109.28.80 | HOSTING-AS National Hosting Provider, Hosting.UA
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/