[nsp-sec] The ugly on AS39823 | 92.62.96.0/20
Shelton, Steve
sshelton at Cogentco.com
Thu Apr 9 09:42:29 EDT 2009
All,
I've spent the better part of a week investigating and negating some awful
- nefarious sources translating to AS39823 within 92.62.96.0/20; most
but not all of the ugly was on 92.62.101.0/24. You'll find a ton of
malware, C&Cs and rogue security applications within the 101.0/24.
inetnum: 92.62.101.0 - 92.62.101.255
netname: STARLINE_EE
descr: Starline Web Services
3249 | 92.62.101.0 | 92.62.96.0/20 | ESTPAK Elion Enterprises Ltd.
39823 | 92.62.101.0 | 92.62.96.0/20 | COMPIC Compic Ltd.
Yesterday, I took out what appears to be a Rustock C&C server residing
at 92.62.101.27 and it still appears to be offline. It may have also
been driving the Cutwail botnet, but did not confirm this offhand.
This was a link to the .dat file:
--- reading URL hxxp://92.62.101.27:5191/d3n2829230.dat
As of this AM, we are seeing a drastic decrease in the number of inbound
complaints that translate into exploit-driven spam sources, and I was
wondering if anyone else is seeing the same thing and possibly a rapid
overall decrease in spam received, which would be great news.
Steve Shelton
Security Engineer
Cogent Communications