[nsp-sec] Mebroot/Torpig (AS 32475, 21844, 10316)
Tom Fischer
tfischer at bfk.de
Mon Apr 27 07:34:20 EDT 2009
Hi,
new Mebroot (MBR rootkit) command&control domains:
2009-04-26 20:27:17 2009-04-26 20:27:17 cihfcwex.biz A 65.60.43.226
2009-04-27 09:40:49 2009-04-27 10:23:24 jfsbwskh.biz A 65.60.43.226
AS | IP | AS Name
32475 | 65.60.43.226 | SINGLEHOP-INC - SingleHop
PEER_AS | IP | AS Name
6461 | 65.60.43.226 | MFNX MFN - Metromedia Fiber Network
23352 | 65.60.43.226 | SERVERCENTRAL - Server Central Network
new Torpig domain:
2009-04-25 22:06:08 2009-04-27 11:26:16 cdev7rpa.net A 74.54.135.194
AS | IP | AS Name
21844 | 74.54.135.194 | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
new Torpig injection IP:
AS | IP | AS Name
10316 | 69.64.71.112 | ABACUS-NET-AS - Abacus America Inc.
PEER_AS | IP | AS Name
6461 | 69.64.71.112 | MFNX MFN - Metromedia Fiber Network
11588 | 69.64.71.112 | HIGHWINDS - Highwinds Network Group, Inc.
new mg00 Mebroot plugin domain:
2009-04-27 06:25:30 2009-04-27 10:25:54 wvhkifxc.com A 67.212.179.130
AS | IP | AS Name
32475 | 67.212.179.130 | SINGLEHOP-INC - SingleHop
PEER_AS | IP | AS Name
6461 | 67.212.179.130 | MFNX MFN - Metromedia Fiber Network
23352 | 67.212.179.130 | SERVERCENTRAL - Server Central Network
--
Tom Fischer
BFK edv-consulting GmbH tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99