[nsp-sec] nadnadzzz.info
Serge Droz
serge.droz at switch.ch
Wed Jun 18 08:57:25 EDT 2008
Hello List,
I am posting this on behalf of nic.at, the Austrian government CERT, which
isn't part of the list.
Nic.AT was given a downloader, which, when installed, downloaded more dirt from
nadsam0.info:80.
This malware finally connected to nadnadzzz.info:7000. A /who on the IRC server
returned something of the order of 100'000 IPs, mostly from Brazil.
I have seen that this IP is in dnsrr.txt since 2008-05-15.
The nic.AT people asked if there is more info available that we can give them,
and help them digest the collected IPs.
I can proxy this to nic.at or you can contact them directly through
Aaron Kaplan <kaplan at cert.at>. Please put me into the cc if appropriate.
Thanks for your help.
Serge
--
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch