[nsp-sec] Anti-NATO DDOS in Ukraine

Matthew McGlashan matthew at auscert.org.au
Thu Jun 19 21:21:39 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings Jose,

> If anyone cares, and if anyone can look at this C&C for takedown .. It's a
> Black Energy botnet.

We'll have a go.  I'll pass the details on to the guys (sanitised).

Best,

- - Matt

> In relation to some anti-NATO protests in the Ukraine, we're seeing the
> following attack over the past couple of days
> 
> 
> Start           2008-06-17 16:07:39 US Eastern
> End             Ongoing (2008-06-19 14:06:57 last observation)
> C&C IP          211.95.72.85
> C&C Hostname    my-loads.info
> C&C Port        80
> C&C ASN         9800
> C&C CC          CN
> Command URL     http://my-loads.info/ddos-bot/stat.php
> Command Given    
> 
> 10;2000;30;1;0;30;10;30;20;1000;2000#flood http 5.ua
> ?message=_____nato_go_home_____#10#
> 
> Target IP       217.20.163.249
> Target Hostname    5.ua
> Target ASN      15772
> Target CC       UA
> 
> 
> The victim's website is not responding. This is exactly what we're seeing in
> the news:
>     
>     http://www.russiatoday.ru/news/news/26316
> 
> Just a heads up ...
> 
> 
> -------------------------------------------------------------
> jose nazario, ph.d.  <jose at arbor.net>
> security researcher, office of the CTO
> Arbor Networks
> v: (734) 821 1427
> PGP: 0x40A7BF94
> www.arbornetworks.com
> -------------------------------------------------------------
> 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBSFsGIih9+71yA2DNAQKA2AP/YwuQ+NBNp+fIlWQ8kuXeKm/iZj+oYHDS
ZqnCmsuNu/i4PsGggrroGpCIsBgmMbRToGlVBXX5bRw0XZJzvAkxD41jWNAnOJdE
tetkMdveNoEm5v+pZtYnLIHYhPkgzlrneCwUgbbYYKm2Br9GKKxc2aRMDBzT+Du3
w3jewEtXVP0=
=R4sR
-----END PGP SIGNATURE-----



