[nsp-sec] Anti-NATO DDOS in Ukraine
jose nazario
jose at arbor.net
Thu Jun 19 14:54:43 EDT 2008
If anyone cares, and if anyone can look at this C&C for takedown .. It's a
Black Energy botnet.
In relation to some anti-NATO protests in the Ukraine, we're seeing the
following attack over the past couple of days:
Start            2008-06-17 16:07:39 US Eastern
End              Ongoing (2008-06-19 14:06:57 last observation)
C&C IP           211.95.72.85
C&C Hostname     my-loads.info
C&C Port         80
C&C ASN          9800
C&C CC           CN
Command URL      http://my-loads.info/ddos-bot/stat.php
Command Given    10;2000;30;1;0;30;10;30;20;1000;2000#flood http 5.ua
                 ?message=_____nato_go_home_____#10#
Target IP        217.20.163.249
Target Hostname  5.ua
Target ASN       15772
Target CC        UA
The victim's website is not responding. This is exactly what we're seeing in
the news:
http://www.russiatoday.ru/news/news/26316
Just a heads up ...
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO
Arbor Networks
v: (734) 821 1427
PGP: 0x40A7BF94
www.arbornetworks.com
-------------------------------------------------------------
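
Added example, not part of the original message: a sketch of how a network operator could sweep outbound web-proxy logs for clients checking in to the command URL reported above, to find infected hosts on their own network. The log line format, client addresses, request methods and example.org URLs are constructed assumptions; only the C&C hostname, IP, port and path come from the message.

```python
from urllib.parse import urlsplit

# Indicators taken from the message above.
CNC_HOSTS = {"my-loads.info", "211.95.72.85"}
CNC_PATH = "/ddos-bot/stat.php"
CNC_PORT = 80

# Constructed sample lines in an assumed format:
# "<ISO timestamp> <client IP> <method> <URL> <status>"
SAMPLE_LOG = """\
2008-06-18T09:12:01 10.0.4.17 POST http://my-loads.info/ddos-bot/stat.php 200
2008-06-18T09:12:03 10.0.4.22 GET http://www.example.org/index.html 200
2008-06-18T09:22:01 10.0.4.17 POST http://MY-LOADS.INFO:80/ddos-bot/stat.php 200
2008-06-18T09:25:40 10.0.7.5 GET http://211.95.72.85/ddos-bot/stat.php 200
2008-06-18T09:30:11 10.0.4.30 GET http://my-loads.info.example.org/ddos-bot/stat.php 404
2008-06-18T09:31:00 10.0.4.31 GET http://example.org/?ref=my-loads.info/ddos-bot/stat.php 200
malformed line
"""

def is_cnc_checkin(url):
    """True only when scheme, host, port and path all match the reported C&C."""
    try:
        parts = urlsplit(url)
        port = parts.port if parts.port is not None else 80
    except ValueError:          # unparsable authority or port
        return False
    # .hostname is already lower-cased; drop a trailing root dot as well.
    host = (parts.hostname or "").rstrip(".")
    return (parts.scheme == "http" and host in CNC_HOSTS
            and port == CNC_PORT and parts.path == CNC_PATH)

def find_checkins(log_text):
    """Map client IP -> [count, first_seen, last_seen]; assumes time-ordered input."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:    # skip lines that do not fit the assumed format
            continue
        ts, client, _method, url, _status = fields
        if is_cnc_checkin(url):
            entry = hits.setdefault(client, [0, ts, ts])
            entry[0] += 1
            entry[2] = ts
    return hits

if __name__ == "__main__":
    for client, (count, first, last) in sorted(find_checkins(SAMPLE_LOG).items()):
        print(f"{client}: {count} check-in(s), first {first}, last {last}")
```

Matching on the parsed host and path, rather than on a substring of the URL, keeps lookalike hostnames and URLs that merely mention the C&C in a query string out of the results.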