[nsp-sec] Attack on www.betinternet.com TCP/80
Jose Nazario
jose at arbor.net
Sun Aug 30 09:07:34 EDT 2009
the attak is commanded by the hack-off botnet. black energy controller:
hack-off.info (188.130.176.251) 80
command: 10;2000;10;0;0;30;100;3;20;1000;2000#flood http
www.12bet.com,www.racingodds.com.au,www.sportsbet.com.au,www.betinternet.com,www.betchoice.com#8#xHOST_ABCD0123
last date seen: 2009-08-30 08:04:58 US Eastern
hack-off.ru shares the same IP and botnet.
many groups are working on shutdown of this botnet, including FICORA and
AusCERT. its death by any means necessary would be a welcome thing on the
internet.
i hope this helps.
--
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbor.net/
More information about the nsp-security
mailing list