[nsp-sec] New (?) Chinese ddos bot ...
Jose Nazario
jose at arbor.net
Thu May 8 10:22:56 EDT 2008
On Thu, 8 May 2008, Jose Nazario wrote:
> "hello" is "FILE:2|1024"
> host: a857.3322.org TCP port 1800
> AS | IP | AS Name
> 4837 | 218.61.18.153 | CHINA169-BACKBONE CNCGROUP China169 Backbone
> 4837 | 123.11.194.218 | CHINA169-BACKBONE CNCGROUP China169 Backbone
my bad ... should have listed info about the sample:
URL: http://fstky.freehoxt.com/zhuanshen.exe
MD5: a22303915d43af258d580d52d8ec1ea8
SHA1: 3703c058ae4284ee0d4ada39f202e5fc00ad9b10
File type: application/x-ms-dos-executable
File size: 807424 bytes
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/