[nsp-sec] Anti-NATO DDOS in Ukraine

Yonglin ZHOU yonglin.zhou at gmail.com
Fri Jun 20 00:02:58 EDT 2008


Jose,

I'll forward this case to my colleagues. Try to clean the CC by IP.

If someone could take down the Domain, that will be more effective.

Yonglin.

On 6/20/08, jose nazario <jose at arbor.net> wrote:
>
> ----------- nsp-security Confidential --------
>
> If anyone cares, and if anyone can look at this C&C for takedown .. It's a
> Black Energy botnet.
>
> In relation to some anti-NATO protests in the Ukraine, we're seeing the
> following attack over the past couple of days
>
>
> Start           2008-06-17 16:07:39 US Eastern
> End             Ongoing (2008-06-19 14:06:57 last observation)
> C&C IP          211.95.72.85
> C&C Hostname    my-loads.info
> C&C Port        80
> C&C ASN         9800
> C&C CC          CN
> Command URL     http://my-loads.info/ddos-bot/stat.php
> Command Given
>
> 10;2000;30;1;0;30;10;30;20;1000;2000#flood http 5.ua
> ?message=_____nato_go_home_____#10#
>
> Target IP       217.20.163.249
> Target Hostname    5.ua
> Target ASN      15772
> Target CC       UA
>
>
> The victim's website is not responding. This is exactly what we're seeing in
> the news:
>
>     http://www.russiatoday.ru/news/news/26316
>
> Just a heads up ...
>
>
> -------------------------------------------------------------
> jose nazario, ph.d.  <jose at arbor.net>
> security researcher, office of the CTO
> Arbor Networks
> v: (734) 821 1427
> PGP: 0x40A7BF94
> www.arbornetworks.com
> -------------------------------------------------------------
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>



-- 
-------[CNCERT/CC]-----------------------------------------------
Zhou, Yonglin              【周勇林】
CNCERT/CC, P.R.China       【国家计算机网络应急技术处理协调中心】
Tel: +86 10 82990355  Fax: +86 10 82990399  Web: www.cert.org.cn
Finger Print: 9AF3 E830 A350 218D BD2C  2B65 6F60 BEFB 3962 1C64
-----------------------------------------------[CNCERT/CC]-------

