[nsp-sec] Euro 2008 related DDoS attacks?

Serge Droz serge.droz at switch.ch
Fri Jun 27 02:49:56 EDT 2008 

These are all Spanish clubs.
Yesterday Russia lost agianst Spain 3:0.

Oh, well. But the real DoS is the fan miles in the Euro 08-Host cities.


Cheers from  Euro infected Switzerland
Serge

Jose Nazario wrote:
> ----------- nsp-security Confidential --------
> 
> some of these domains look european football (or futbol or fusbol) 
> related. and with euro '08 on ...
> 
> these are all black energy botnets. some of these nets may be related or 
> hosted on the same box (cnames and vhosts)
> 
> DECODED RESPONSES
> C&C:      http://prosto.pizdos.net/_lol/stat.php
> CMD:      10;2000;5;0;0;30;100;3;10;2000;2000#flood http 
> spainselecta.com,elfutbolin.com,rcdmallorca.es,realzaragoza.com,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es,www.celtavigo.net<malagacf.es#10# 
> 
> 
> C&C:      http://russia.net.in/_rus/stat.php
> CMD:      10;2000;5;0;0;30;100;3;20;1000;2000#flood http 
> spainselecta.com,elfutbolin.com,realzaragoza.com,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es,www.celtavigo.net<malagacf.es#10# 
> 
> 
> C&C:      http://googlecomaolcomyahoocomaboutcom.net/yandex/ru/stat.php
> CMD:      10;2000;5;0;0;30;100;3;20;1000;2000#flood http 
> spainselecta.com,elfutbolin.com,realzaragoza.com,canaldeportivo.com,canaldeportivo.com,rcdmallorca.es,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es,www.celtavigo.net,malagacf.es#10# 
> 
> 
> C&C:      http://turkeyonline.name/online/stat.php
> CMD:      10;2000;5;0;0;30;100;3;20;1000;2000#flood http 
> spainselecta.com,elfutbolin.com,realzaragoza.com,canaldeportivo.com,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es<www.celtavigo.net,malagacf.es#10# 
> 
> 
> C&C:      http://vse.ohueli.net/_vse_/stat.php
> CMD:      10;2000;5;0;0;30;100;3;20;1000;2000#flood http 
> spainselecta.com,elfutbolin.com,realzaragoza.com,rcdmallorca.es,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es,www.celtavigo.net<malagacf.es#10# 
> 
> 
> C&C:      http://killgay.com/_p_idrilo/stat.php
> CMD:      10;2000;5;0;0;30;100;3;20;1000;2000#flood http 
> divaescort.com,realzaragoza.com,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es,www.celtavigo.net,malagacf.es#10# 
> 
> 
> -------------------------------------------------------------
> jose nazario, ph.d.     <jose at arbor.net> security researcher, office of 
> the CTO,  arbor networks
> v: (734) 821 1427           http://asert.arbornetworks.com/
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security 
> counter-measures.
> _______________________________________________

-- 
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch

More information about the nsp-security mailing list