[nsp-sec] Attack on www.betinternet.com TCP/80
Nicholas Ianelli
ni at centergate.net
Sun Aug 30 20:07:42 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Has anyone reached out to Affilias or CERT-RU, I don't want to duplicate
work as these avenues have previously been discussed.
Nick
Jose Nazario wrote:
> ----------- nsp-security Confidential --------
>
> the attak is commanded by the hack-off botnet. black energy controller:
>
> hack-off.info (188.130.176.251) 80 command:
> 10;2000;10;0;0;30;100;3;20;1000;2000#flood http
> www.12bet.com,www.racingodds.com.au,www.sportsbet.com.au,www.betinternet.com,www.betchoice.com#8#xHOST_ABCD0123
>
>
> last date seen: 2009-08-30 08:04:58 US Eastern
>
> hack-off.ru shares the same IP and botnet.
>
> many groups are working on shutdown of this botnet, including FICORA and
> AusCERT. its death by any means necessary would be a welcome thing on
> the internet.
>
> i hope this helps.
>
- --
Nicholas Ianelli: Neustar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAkqbFE4ACgkQi10dJIBjZIAyvQCg3lPrDxZVWaqfDZ5mkOv2tAJs
/i4AnAo/Bz22X3xmoSrisM1eSwnRIlMB
=G4/f
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list