[nsp-sec] Mebroot/Torpig (AS 6461, 23352, 32475)

Tom Fischer tfischer at bfk.de
Thu Apr 16 07:23:51 EDT 2009


Hi,

Tom Fischer wrote:
> and e.g. pointing to
> xtjhvcjh.com.           60      IN      A       206.225.86.123
> ;; AUTHORITY SECTION:
> xtjhvcjh.com.           60      IN      NS      ns1.everydns.net.
> xtjhvcjh.com.           60      IN      NS      ns3.everydns.net.
> xtjhvcjh.com.           60      IN      NS      ns4.everydns.net.
> xtjhvcjh.com.           60      IN      NS      ns2.everydns.net.

moved from 206.225.86.123 to 65.60.34.186

first seen (UTC)    last seen (UTC)
2009-04-15 19:02:08 2009-04-15 19:05:14 xtjhvcjh.com A 65.60.34.186
2009-04-15 23:10:41 2009-04-15 23:10:41 uxkkexss.biz A 65.60.34.186
2009-04-16 09:35:39 2009-04-16 09:35:39 dciwsgvx.com A 65.60.34.186

AS      | IP               | AS Name
32475   | 65.60.34.186     | SINGLEHOP-INC - SingleHop

[...]

> e.g.
> kolpinik.com.           60      IN      A       174.133.5.26
> ;; AUTHORITY SECTION:
> kolpinik.com.           60      IN      NS      ns3.everydns.net.
> kolpinik.com.           60      IN      NS      ns4.everydns.net.
> kolpinik.com.           60      IN      NS      ns2.everydns.net.
> kolpinik.com.           60      IN      NS      ns1.everydns.net.

moved from 174.133.5.26 to 65.60.34.90

2009-04-15 15:45:37 2009-04-16 01:00:35 kolpinik.com A 65.60.34.90
2009-04-16 01:00:37 2009-04-16 09:19:22 mikorki.com A 65.60.34.90
2009-04-16 01:01:38 2009-04-16 09:20:27 pibidu.com A 65.60.34.90
2009-04-15 15:46:02 2009-04-16 10:11:44 yfesyrpa.net A 65.60.34.90

AS      | IP               | AS Name
32475   | 65.60.34.90      | SINGLEHOP-INC - SingleHop

PEER_AS | IP               | AS Name
6461    | 65.60.34.90      | MFNX MFN - Metromedia Fiber Network
23352   | 65.60.34.90      | SERVERCENTRAL - Server Central Network

Any chance to null route the mentioned domains/IPs?

-- 
Tom Fischer
BFK edv-consulting GmbH                  tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe        fax: +49 721 962 01-99


