[nsp-sec] rustock C&C

Dave Burke dave at amazon.com
Tue Feb 3 13:45:51 EST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ACK 16509.

They were doing "GET / HTTP/1.1" to www.imdb.com & www.amazon.com from
that srcIP. The webserver logs show no other activity other than that.

dave

Beasley, Jason wrote:
> ----------- nsp-security Confidential --------
> 
> Suresh over at Outblaze has identified what he believes to be a rustock
> C&C existing at 69.10.44.210.  From what I can tell, it appears he is
> correct.  I've compiled a listing of sources communicating to this
> server.  Please check the following list for your ASN:
> http://drakul.nsc.xo.net/asns.txt
> And then the full listing here for the hosts:
> https://asn.cymru.com/nsp-sec/upload/1233681381.whois.txt
> Timestamps are included.
>  

_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
_______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmIkN8ACgkQvMJ1IGjTxcE2aACfR6ozHaxQIGCdanbmqegt855I
2LQAn1l+nrZRSMbuD7d4X3S7LGgCibdP
=3sf1
-----END PGP SIGNATURE-----



Amazon Data Services Ireland Limited registered office: Riverside One, Sir John Rogerson's Quay, Dublin 2, Ireland. Registered in Ireland. Registration number 390566.

