[nsp-sec] Bot C&C at AS 6389 (BellSouth)
Tom Fischer
tfischer at bfk.de
Wed Oct 22 09:30:20 EDT 2008
Hi,
On Wed, Oct 22, 2008 at 08:41:18AM -0400, Daniel Adinolfi wrote:
> We see an IRC bonet C&C server at 65.12.238.82. The malware associated
> with this seems to be IRCFlood/zapchast.
65.12.238.82 shows up in our malware sandbox as well.
alm.alm7.net, TCP/7000, channel #MU#
ksaking.dns2go.com, TCP/6667, channel #doslik joinin
2008-09-13 04:24:27 2008-09-15 14:20:36 alm.alm7.net A 65.12.238.82
2008-09-29 19:51:01 2008-09-29 19:54:39 alm.alm7.net A 209.250.232.240
2008-10-22 09:18:38 2008-10-22 13:25:00 alm.alm7.net A 65.217.52.208
2008-09-29 20:08:56 2008-10-22 13:23:38 ksaking.dns2go.com A 65.12.238.82
--
Tom Fischer
BFK edv-consulting GmbH tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99
More information about the nsp-security
mailing list