[nsp-sec] The ugly on AS39823 | 92.62.96.0/20
Chris Morrow
morrowc at ops-netman.net
Thu Apr 9 10:07:11 EDT 2009
On Thu, 9 Apr 2009, Shelton, Steve wrote:
> ----------- nsp-security Confidential --------
>
> All,
>
> I've spent the better part of a week investigating and negating some awful
> - nefarious sources translating to AS39823 within 92.62.96.0/20, most
> but not all of the ugly was on 92.62.101.0/24. You'll find a ton of
> Malware, C&C's and rogue security applications within the 101.0/24.
>
> inetnum: 92.62.101.0 - 92.62.101.255
> netname: STARLINE_EE
> descr: Starline Web Services
that's in Hillar's area of the world, eh?
> As of this AM, we are seeing a drastic decrease in the number of inbound
> complaints that translate into exploit driven spam sources and was
> wondering if anyone else is seeing the same thing and possibly a rapid
> overall decrease in spam received which would be great news.
There are folks, like Chris Lewis at Nortel that probably have some really
good data on both Rustock and Cutwail activities... I wonder if the .EE
Cert folks have this same info and if they've passed it along to their
local LEA folks?
-Chris