[nsp-sec] history on irc.intelligence-tech.com
Jose Nazario
jose at arbor.net
Mon Feb 25 15:48:24 EST 2008
On Mon, 25 Feb 2008, Jason Chambers wrote:
> I've noticed in our recent infections that 8.14.145.68 is involved with
> a few. Looking back at some past data, I see this botnet as far back as
> 2007-03-04.
i have malcode matching that:
2007-02-06
irc.intelligence-tech.com TCP port 25394
MD5: 49d136a9c9108085cce9547f8217c6f2
SHA1: None
File type: application/x-ms-dos-executable
File size: 40960 bytes
2006-01-24
irc.intelligence-tech.com TCP port 25394
MD5: be9cb8898de165b73ac53b439d37e072
SHA1: None
File type: application/x-ms-dos-executable
File size: 40960 bytes
2006-01-24
irc.intelligence-tech.com TCP port 21958
MD5: aa2e4b161fbdf22c0ace733a5ccb1482
SHA1: None
File type: application/x-ms-dos-executable
File size: 40960 bytes
a quick google search shows it's associated with all sorts of badness from
many perspectives.
http://www.google.com/search?q=intelligence-tech.com&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/
More information about the nsp-security
mailing list