[nsp-sec] buzus infected drones

Serge Droz serge.droz at switch.ch
Wed Aug 5 08:01:21 EDT 2009


ACK AS559

> 3 559     | EU | SWITCH SWITCH, Swiss Education and Research Network
PS: This is CH not EU I'm afraid :-(


Dirk Stander wrote:
> ----------- nsp-security Confidential --------
> 
> 
> 
> ------------------------------------------------------------------------
> 
> Hi,
> 
> please find attached a summary of ASNs with drones showing signs of
> a buzus infection.  The drones downloaded the following files during
> the last two weeks from travelthegreenway.com
> http://www.virustotal.com/analisis/97b454b4bd0fe4389aab386b826e2caccc89f0034701f69071a4ac739420fb87-1248722899
> http://www.virustotal.com/analisis/ed6bc4e5a1a19f4afe35441a07841001fef70e43582022c24eaa04a03f8a1488-1248709108
> 
> The complete list (~80MB size, ~1M IPs) is here:
> https://www.cymru.com/nsp-sec/Owned/buzus-distinct.cymru.txt
> 
> Format:
> <ASN> | <IP> | <CC> | <epoch last seen> | <AS name>
> 
> Format of the summary:
> <nr of IPs> <ASN> | <IP> | <CC> | <AS name>
> 
>     kind regards, Dirk Stander (1&1) :.
> 
> 
> ------------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________

-- 
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch
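
Added example (not part of either message above): a Python filter for the full-list format quoted in the report, `<ASN> | <IP> | <CC> | <epoch last seen> | <AS name>`, which extracts one network's addresses and keeps the newest sighting per IP. The sample rows, the function name and AS64500 are constructed for illustration; only the field layout, AS559 and its AS name come from the thread.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample rows in the full-list format; IPs are documentation ranges.
SAMPLE = """\
559 | 192.0.2.10 | EU | 1249300000 | SWITCH SWITCH, Swiss Education and Research Network
559 | 192.0.2.10 | EU | 1249400000 | SWITCH SWITCH, Swiss Education and Research Network
559 | 192.0.2.77 | EU | 1249350000 | SWITCH SWITCH, Swiss Education and Research Network
64500 | 198.51.100.5 | ZZ | 1249200000 | EXAMPLE-AS Constructed Example Network
559 | not-an-ip | EU | 1249200000 | SWITCH
garbage line without separators
"""


def drones_for_asn(lines, asn):
    """Return ({ip: last_seen_utc}, rejected_count) for a single ASN.

    Keeps only the most recent sighting per IP and counts rows that do not
    parse, so a truncated or corrupted download is noticed, not silently used.
    """
    latest = {}
    rejected = 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # Split at most 4 times so a '|' inside the AS name cannot shift fields.
        fields = [f.strip() for f in line.split("|", 4)]
        if len(fields) != 5:
            rejected += 1
            continue
        try:
            row_asn = int(fields[0])
            ip = ipaddress.ip_address(fields[1])
            seen = int(fields[3])
        except ValueError:
            rejected += 1
            continue
        if row_asn == asn and seen > latest.get(ip, -1):
            latest[ip] = seen
    ordered = sorted(latest.items(), key=lambda kv: (kv[0].version, int(kv[0])))
    hits = {str(ip): datetime.fromtimestamp(ts, tz=timezone.utc) for ip, ts in ordered}
    return hits, rejected


if __name__ == "__main__":
    hits, rejected = drones_for_asn(SAMPLE.splitlines(), 559)
    for ip, seen in hits.items():
        print(f"{ip}  last seen {seen.isoformat()}")
    print(f"{rejected} unparseable row(s) skipped")
```

For the real ~80MB file, pass the open file object as `lines` so rows are streamed rather than loaded into memory.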


