[nsp-sec] Euro 2008 related DDoS attacks?

Christoph Sprongl ch at it-austria.net
Fri Jun 27 05:50:29 EDT 2008 

Would be interesting to follow up and have eyes on it.
--> DDOS 'only' against clubs or also against country infrastructure or
others?

"Cheers from Euro infected Austria" [by serge]
christoph

> ----------- nsp-security Confidential --------
>
> These are all Spanish clubs.
> Yesterday Russia lost agianst Spain 3:0.
>
> Oh, well. But the real DoS is the fan miles in the Euro 08-Host cities.
>
>
> Cheers from  Euro infected Switzerland
> Serge
>
> Jose Nazario wrote:
>> ----------- nsp-security Confidential --------
>>
>> some of these domains look european football (or futbol or fusbol)
>> related. and with euro '08 on ...
>>
>> these are all black energy botnets. some of these nets may be related or
>> hosted on the same box (cnames and vhosts)
>>
>> DECODED RESPONSES
>> C&C:      http://prosto.pizdos.net/_lol/stat.php
>> CMD:      10;2000;5;0;0;30;100;3;10;2000;2000#flood http
>> spainselecta.com,elfutbolin.com,rcdmallorca.es,realzaragoza.com,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es,www.celtavigo.net<malagacf.es#10#
>>
>>
>> C&C:      http://russia.net.in/_rus/stat.php
>> CMD:      10;2000;5;0;0;30;100;3;20;1000;2000#flood http
>> spainselecta.com,elfutbolin.com,realzaragoza.com,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es,www.celtavigo.net<malagacf.es#10#
>>
>>
>> C&C:      http://googlecomaolcomyahoocomaboutcom.net/yandex/ru/stat.php
>> CMD:      10;2000;5;0;0;30;100;3;20;1000;2000#flood http
>> spainselecta.com,elfutbolin.com,realzaragoza.com,canaldeportivo.com,canaldeportivo.com,rcdmallorca.es,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es,www.celtavigo.net,malagacf.es#10#
>>
>>
>> C&C:      http://turkeyonline.name/online/stat.php
>> CMD:      10;2000;5;0;0;30;100;3;20;1000;2000#flood http
>> spainselecta.com,elfutbolin.com,realzaragoza.com,canaldeportivo.com,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es<www.celtavigo.net,malagacf.es#10#
>>
>>
>> C&C:      http://vse.ohueli.net/_vse_/stat.php
>> CMD:      10;2000;5;0;0;30;100;3;20;1000;2000#flood http
>> spainselecta.com,elfutbolin.com,realzaragoza.com,rcdmallorca.es,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es,www.celtavigo.net<malagacf.es#10#
>>
>>
>> C&C:      http://killgay.com/_p_idrilo/stat.php
>> CMD:      10;2000;5;0;0;30;100;3;20;1000;2000#flood http
>> divaescort.com,realzaragoza.com,www.fcbarcelona.com,realracingclub.es,www.realvalladolid.es,www.celtavigo.net,malagacf.es#10#
>>
>>
>> -------------------------------------------------------------
>> jose nazario, ph.d.     <jose at arbor.net> security researcher, office of
>> the CTO,  arbor networks
>> v: (734) 821 1427           http://asert.arbornetworks.com/
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the
>> nsp-security
>> community. Confidentiality is essential for effective Internet security
>> counter-measures.
>> _______________________________________________
>
> --
> SWITCH
> Serving Swiss Universities
> --------------------------
> Serge Droz, SWITCH-CERT
> Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
> phone +41 44 268 15 63, fax +41 44 268 15 78
> serge.droz at switch.ch, http://www.switch.ch
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
>

More information about the nsp-security mailing list